Edit tour

Windows Analysis Report
Y4svWfRK1L.exe

Overview

General Information

Sample name:	Y4svWfRK1L.exe renamed because original name is a hash value
Original sample name:	ce1ebe1f0dd4d6d5866d0917439c24a0.exe
Analysis ID:	1580921
MD5:	ce1ebe1f0dd4d6d5866d0917439c24a0
SHA1:	4800104f6e2984849ea41d0fb307336511b7b4c4
SHA256:	89d52483511cad269996b2e1dbe87c958bdbd4b5567e7d8cad0abbcf710f839a
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Y4svWfRK1L.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\Y4svWfRK1L.exe" MD5: CE1EBE1F0DD4D6D5866D0917439C24A0)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["slipperyloo.lat", "curverpluch.lat", "tentabatte.lat", "talkynicer.lat", "manyrestro.lat", "observerfry.lat", "shapestickyr.lat", "bashfulacid.lat", "wordyfindy.lat"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:34.807205+0100	2028371	3	Unknown Traffic	192.168.2.4	49730	104.102.49.254	443	TCP
2024-12-26T13:13:37.735371+0100	2028371	3	Unknown Traffic	192.168.2.4	49731	172.67.157.254	443	TCP
2024-12-26T13:13:39.753606+0100	2028371	3	Unknown Traffic	192.168.2.4	49732	172.67.157.254	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:38.498914+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49731	172.67.157.254	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:38.498914+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49731	172.67.157.254	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:33.024548+0100	2058480	1	Domain Observed Used for C2 Detected	192.168.2.4	49412	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:32.744671+0100	2058484	1	Domain Observed Used for C2 Detected	192.168.2.4	64860	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:32.318950+0100	2058492	1	Domain Observed Used for C2 Detected	192.168.2.4	53640	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:32.458738+0100	2058500	1	Domain Observed Used for C2 Detected	192.168.2.4	55070	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:32.171129+0100	2058502	1	Domain Observed Used for C2 Detected	192.168.2.4	57210	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:32.599896+0100	2058510	1	Domain Observed Used for C2 Detected	192.168.2.4	61021	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:32.885219+0100	2058512	1	Domain Observed Used for C2 Detected	192.168.2.4	58429	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:31.990402+0100	2058514	1	Domain Observed Used for C2 Detected	192.168.2.4	56045	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:13:36.049226+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Y4svWfRK1L.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://lev-tolstoi.com/piL	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/piD	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apiJ	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/piE	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/E	Avira URL Cloud: Label: malware

Found malware configuration

Source: Y4svWfRK1L.exe.7272.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["slipperyloo.lat", "curverpluch.lat", "tentabatte.lat", "talkynicer.lat", "manyrestro.lat", "observerfry.lat", "shapestickyr.lat", "bashfulacid.lat", "wordyfindy.lat"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: Y4svWfRK1L.exe	ReversingLabs: Detection: 68%
Source: Y4svWfRK1L.exe	Virustotal: Detection: 54%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Y4svWfRK1L.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: bashfulacid.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: tentabatte.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: curverpluch.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: talkynicer.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: shapestickyr.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: manyrestro.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: slipperyloo.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: wordyfindy.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: observerfry.lat
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.1684311376.0000000004A40000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: Y4svWfRK1L.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edx, ebx	0_2_00498600
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_004D1720
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00498A50
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BE0DA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov esi, ecx	0_2_004B90D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BC0E6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BC09E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BC09E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov eax, dword ptr [004D6130h]	0_2_004A8169
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_004D1160
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004BD17D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_004BB170
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004BD116
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_004B81CC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_004C6210
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BD34A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_004D0340
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004AC300
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_004B83D8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_004973D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_004973D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov eax, ebx	0_2_004B7440
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_004B7440
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_004BC465
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BC465
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_004A747D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_004A747D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_004AB57D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_004B8528
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edi, ecx	0_2_004BA5B6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_004D06F0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_004B7740
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then jmp eax	0_2_004B9739
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then jmp edx	0_2_004B37D6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00499780
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_004BC850
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then push esi	0_2_0049C805
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_004B2830
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_004CC830
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004AD8D8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004AD8D8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edx, ecx	0_2_004AB8F6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edx, ecx	0_2_004AB8F6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004AD8AC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004AD8AC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov eax, ebx	0_2_004AC8A0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_004AC8A0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_004AC8A0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_004AC8A0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_004B89E9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_004BB980
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_004CC990
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then jmp edx	0_2_004B39B9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_004B39B9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_004CCA40
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_004B1A10
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then dec edx	0_2_004CFA20
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_004BAAC0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0049AB40
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then dec edx	0_2_004CFB10
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_004AEB80
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0049CC7A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_004A4CA0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then dec edx	0_2_004CFD70
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edx, ecx	0_2_004B6D2E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_004D0D20
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_004CEDC1
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BDDFF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_004CCDF0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_004CCDF0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_004CCDF0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_004CCDF0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004B2E6D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then jmp edx	0_2_004B2E6D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_004B2E6D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then dec edx	0_2_004CFE00
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_004BDE07
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edx, ecx	0_2_004B9E80
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00492EB0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_004A6F52
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_004B5F1B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 4x nop then mov ecx, eax	0_2_004BBF13

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.4:55070 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.4:58429 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.4:56045 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.4:49412 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.4:61021 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.4:53640 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.4:57210 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.4:64860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 172.67.157.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: slipperyloo.lat
Source: Malware configuration extractor	URLs: curverpluch.lat
Source: Malware configuration extractor	URLs: tentabatte.lat
Source: Malware configuration extractor	URLs: talkynicer.lat
Source: Malware configuration extractor	URLs: manyrestro.lat
Source: Malware configuration extractor	URLs: observerfry.lat
Source: Malware configuration extractor	URLs: shapestickyr.lat
Source: Malware configuration extractor	URLs: bashfulacid.lat
Source: Malware configuration extractor	URLs: wordyfindy.lat

Source: Joe Sandbox View	IP Address: 172.67.157.254 172.67.157.254
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.102.49.254:443

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: global traffic	DNS traffic detected: DNS query: observerfry.lat
Source: global traffic	DNS traffic detected: DNS query: wordyfindy.lat
Source: global traffic	DNS traffic detected: DNS query: slipperyloo.lat
Source: global traffic	DNS traffic detected: DNS query: manyrestro.lat
Source: global traffic	DNS traffic detected: DNS query: shapestickyr.lat
Source: global traffic	DNS traffic detected: DNS query: talkynicer.lat
Source: global traffic	DNS traffic detected: DNS query: curverpluch.lat
Source: global traffic	DNS traffic detected: DNS query: tentabatte.lat
Source: global traffic	DNS traffic detected: DNS query: bashfulacid.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: lev-tolstoi.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768443837.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754626317.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767142790.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768443837.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754626317.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767142790.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/E
Source: Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api
Source: Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apiJ
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/pi
Source: Y4svWfRK1L.exe, 00000000.00000002.1768308675.0000000000D02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/piD
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/piE
Source: Y4svWfRK1L.exe, 00000000.00000002.1768308675.0000000000D02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/piL
Source: Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768443837.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754626317.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767142790.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49731 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: Y4svWfRK1L.exe	Static PE information: section name:
Source: Y4svWfRK1L.exe	Static PE information: section name: .rsrc
Source: Y4svWfRK1L.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049B100	0_2_0049B100
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00498600	0_2_00498600
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00517051	0_2_00517051
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00509057	0_2_00509057
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052B076	0_2_0052B076
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00538015	0_2_00538015
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AD003	0_2_004AD003
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00516007	0_2_00516007
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049D021	0_2_0049D021
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050C024	0_2_0050C024
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FC030	0_2_004FC030
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051502E	0_2_0051502E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BA0CA	0_2_004BA0CA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A60E9	0_2_004A60E9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005270FE	0_2_005270FE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BC0E6	0_2_004BC0E6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BC09E	0_2_004BC09E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00536086	0_2_00536086
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005070BA	0_2_005070BA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005310B8	0_2_005310B8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F30BF	0_2_004F30BF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E70BB	0_2_004E70BB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BC09E	0_2_004BC09E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FD157	0_2_004FD157
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A8169	0_2_004A8169
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00496160	0_2_00496160
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053817D	0_2_0053817D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00501119	0_2_00501119
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051F13D	0_2_0051F13D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B81CC	0_2_004B81CC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053A1C6	0_2_0053A1C6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052C1F6	0_2_0052C1F6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005061F5	0_2_005061F5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F81FB	0_2_004F81FB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CF18B	0_2_004CF18B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BE180	0_2_004BE180
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B91AE	0_2_004B91AE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005371BB	0_2_005371BB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005391B9	0_2_005391B9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050F1A2	0_2_0050F1A2
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005041AE	0_2_005041AE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052F253	0_2_0052F253
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052D27C	0_2_0052D27C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00494270	0_2_00494270
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00518207	0_2_00518207
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052420E	0_2_0052420E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AE220	0_2_004AE220
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A1227	0_2_004A1227
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066E218	0_2_0066E218
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005202DA	0_2_005202DA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006732E8	0_2_006732E8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B42D0	0_2_004B42D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051D2F7	0_2_0051D2F7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005012F7	0_2_005012F7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005252F8	0_2_005252F8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C9280	0_2_004C9280
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BD34A	0_2_004BD34A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B1340	0_2_004B1340
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051637A	0_2_0051637A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BF377	0_2_004BF377
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00499310	0_2_00499310
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050E332	0_2_0050E332
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00505334	0_2_00505334
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049F3C0	0_2_0049F3C0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F33C5	0_2_004F33C5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050D3DD	0_2_0050D3DD
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B83D8	0_2_004B83D8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FB3DC	0_2_004FB3DC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004973D0	0_2_004973D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005083F2	0_2_005083F2
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005033F9	0_2_005033F9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005023E7	0_2_005023E7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005233E5	0_2_005233E5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005A3391	0_2_005A3391
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053038F	0_2_0053038F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051738C	0_2_0051738C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005353B2	0_2_005353B2
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066938E	0_2_0066938E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B7440	0_2_004B7440
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CA440	0_2_004CA440
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004D0460	0_2_004D0460
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053247D	0_2_0053247D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A747D	0_2_004A747D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051041C	0_2_0051041C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F9401	0_2_004F9401
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050C433	0_2_0050C433
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051E436	0_2_0051E436
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00678408	0_2_00678408
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B04C6	0_2_004B04C6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B24E0	0_2_004B24E0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005264FD	0_2_005264FD
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049D4F3	0_2_0049D4F3
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FC49F	0_2_004FC49F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00537557	0_2_00537557
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00504540	0_2_00504540
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FE55A	0_2_004FE55A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00538577	0_2_00538577
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B4560	0_2_004B4560
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00515561	0_2_00515561
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051251B	0_2_0051251B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00533518	0_2_00533518
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052B503	0_2_0052B503
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F8513	0_2_004F8513
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066250F	0_2_0066250F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BC53C	0_2_004BC53C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050B527	0_2_0050B527
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005395C1	0_2_005395C1
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CA5D4	0_2_004CA5D4
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FD5E0	0_2_004FD5E0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005345E5	0_2_005345E5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004965F0	0_2_004965F0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00503580	0_2_00503580
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00500589	0_2_00500589
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CC5A0	0_2_004CC5A0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C8650	0_2_004C8650
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00531679	0_2_00531679
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052C67E	0_2_0052C67E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066764B	0_2_0066764B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049F60D	0_2_0049F60D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052261A	0_2_0052261A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A961B	0_2_004A961B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052F63D	0_2_0052F63D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AE630	0_2_004AE630
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F16C8	0_2_004F16C8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005006C1	0_2_005006C1
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050D6C7	0_2_0050D6C7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B46D0	0_2_004B46D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005306F5	0_2_005306F5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005196E5	0_2_005196E5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004D06F0	0_2_004D06F0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00537693	0_2_00537693
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049E687	0_2_0049E687
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051F683	0_2_0051F683
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052A685	0_2_0052A685
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051868C	0_2_0051868C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005016BE	0_2_005016BE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B7740	0_2_004B7740
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00516741	0_2_00516741
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A2750	0_2_004A2750
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050E711	0_2_0050E711
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F6700	0_2_004F6700
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051B738	0_2_0051B738
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B9739	0_2_004B9739
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A57C0	0_2_004A57C0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005327CF	0_2_005327CF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052F7FA	0_2_0052F7FA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005087FF	0_2_005087FF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00499780	0_2_00499780
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F27AF	0_2_004F27AF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049C840	0_2_0049C840
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051A85B	0_2_0051A85B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066C821	0_2_0066C821
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FA808	0_2_004FA808
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050181F	0_2_0050181F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F3817	0_2_004F3817
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050280C	0_2_0050280C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049D83C	0_2_0049D83C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053582F	0_2_0053582F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004938C0	0_2_004938C0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C38D0	0_2_004C38D0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053B8FE	0_2_0053B8FE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AB8F6	0_2_004AB8F6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FF88C	0_2_004FF88C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006768A3	0_2_006768A3
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050C89D	0_2_0050C89D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AC8A0	0_2_004AC8A0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005158BA	0_2_005158BA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C88B0	0_2_004C88B0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00538949	0_2_00538949
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F5954	0_2_004F5954
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053694D	0_2_0053694D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00509976	0_2_00509976
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AE960	0_2_004AE960
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F797F	0_2_004F797F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00495900	0_2_00495900
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00529919	0_2_00529919
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00517903	0_2_00517903
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00512904	0_2_00512904
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B6910	0_2_004B6910
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052690F	0_2_0052690F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00513924	0_2_00513924
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051092B	0_2_0051092B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BC9EB	0_2_004BC9EB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006469CC	0_2_006469CC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004D09E0	0_2_004D09E0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053399C	0_2_0053399C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FE99C	0_2_004FE99C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FD9BE	0_2_004FD9BE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B39B9	0_2_004B39B9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CDA4D	0_2_004CDA4D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C5A4F	0_2_004C5A4F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CCA40	0_2_004CCA40
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FFA64	0_2_004FFA64
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00539A60	0_2_00539A60
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051DA1C	0_2_0051DA1C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CFA20	0_2_004CFA20
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052DA3E	0_2_0052DA3E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00503A24	0_2_00503A24
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051FAD2	0_2_0051FAD2
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050AAD5	0_2_0050AAD5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00525ADC	0_2_00525ADC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A9AD0	0_2_004A9AD0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00519ACA	0_2_00519ACA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00504ACC	0_2_00504ACC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F6AF2	0_2_004F6AF2
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C9A80	0_2_004C9A80
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F9A9F	0_2_004F9A9F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B8ABC	0_2_004B8ABC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0049AB40	0_2_0049AB40
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053AB48	0_2_0053AB48
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00534B65	0_2_00534B65
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050DB6D	0_2_0050DB6D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00511B6C	0_2_00511B6C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052AB6D	0_2_0052AB6D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CFB10	0_2_004CFB10
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051BB27	0_2_0051BB27
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00507BC8	0_2_00507BC8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066ABC2	0_2_0066ABC2
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FBBE8	0_2_004FBBE8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00520BF9	0_2_00520BF9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AEB80	0_2_004AEB80
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00501BB8	0_2_00501BB8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00494BA0	0_2_00494BA0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FEBB7	0_2_004FEBB7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00518BAD	0_2_00518BAD
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F3C48	0_2_004F3C48
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00530C7B	0_2_00530C7B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050EC66	0_2_0050EC66
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051EC14	0_2_0051EC14
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00537C01	0_2_00537C01
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C3C10	0_2_004C3C10
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00514CF7	0_2_00514CF7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C1CF0	0_2_004C1CF0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F2C8B	0_2_004F2C8B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00515C9A	0_2_00515C9A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00516C86	0_2_00516C86
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00502C8E	0_2_00502C8E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F7CAE	0_2_004F7CAE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A4CA0	0_2_004A4CA0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00526CBE	0_2_00526CBE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FCD4D	0_2_004FCD4D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BCD4C	0_2_004BCD4C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BCD5E	0_2_004BCD5E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050CD4F	0_2_0050CD4F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F5D6E	0_2_004F5D6E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CFD70	0_2_004CFD70
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B1D00	0_2_004B1D00
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A1D2B	0_2_004A1D2B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B6D2E	0_2_004B6D2E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004D0D20	0_2_004D0D20
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0066FD13	0_2_0066FD13
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C9D30	0_2_004C9D30
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00511DDB	0_2_00511DDB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00674DF4	0_2_00674DF4
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050FDC4	0_2_0050FDC4
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00536DC6	0_2_00536DC6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00520DFB	0_2_00520DFB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00503DE8	0_2_00503DE8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CCDF0	0_2_004CCDF0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050CD82	0_2_0050CD82
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C7DA9	0_2_004C7DA9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00505DB6	0_2_00505DB6
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052DDB9	0_2_0052DDB9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051CDA7	0_2_0051CDA7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00529E50	0_2_00529E50
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FCE5F	0_2_004FCE5F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00517E43	0_2_00517E43
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B2E6D	0_2_004B2E6D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B0E6C	0_2_004B0E6C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BEE63	0_2_004BEE63
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FFE7D	0_2_004FFE7D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051AE63	0_2_0051AE63
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F1E79	0_2_004F1E79
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00523E69	0_2_00523E69
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_005E9E63	0_2_005E9E63
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004BFE74	0_2_004BFE74
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004CFE00	0_2_004CFE00
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052CE1E	0_2_0052CE1E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00524E21	0_2_00524E21
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004FDE39	0_2_004FDE39
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00533EDB	0_2_00533EDB
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F5EEA	0_2_004F5EEA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00508EFA	0_2_00508EFA
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00520EE3	0_2_00520EE3
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00534EEC	0_2_00534EEC
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C8EA0	0_2_004C8EA0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00492EB0	0_2_00492EB0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004AAEB0	0_2_004AAEB0
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004A6F52	0_2_004A6F52
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004ADF50	0_2_004ADF50
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051CF4E	0_2_0051CF4E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00679F43	0_2_00679F43
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052FF74	0_2_0052FF74
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00528F7B	0_2_00528F7B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00501F61	0_2_00501F61
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050AF61	0_2_0050AF61
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00502F6A	0_2_00502F6A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004B5F1B	0_2_004B5F1B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00539F06	0_2_00539F06
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006D5F0D	0_2_006D5F0D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050FF31	0_2_0050FF31
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00522F3E	0_2_00522F3E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0051DF3F	0_2_0051DF3F
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0053AF25	0_2_0053AF25
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00507F2D	0_2_00507F2D
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0052BFD1	0_2_0052BFD1
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0050CFF4	0_2_0050CFF4
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004F4FF5	0_2_004F4FF5
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_00527FA5	0_2_00527FA5

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: String function: 00497F60 appears 40 times
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: String function: 004A4C90 appears 77 times

Source: Y4svWfRK1L.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Y4svWfRK1L.exe

Static PE information: Section: ZLIB complexity 0.9995340584150327

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@11/2

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Code function: 0_2_004C2070 CoCreateInstance,

0_2_004C2070

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Y4svWfRK1L.exe	ReversingLabs: Detection: 68%
Source: Y4svWfRK1L.exe	Virustotal: Detection: 54%

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

File read: C:\Users\user\Desktop\Y4svWfRK1L.exe

Jump to behavior

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: Y4svWfRK1L.exe

Static file information: File size 3020288 > 1048576

Source: Y4svWfRK1L.exe

Static PE information: Raw size of usrpfwau is bigger than: 0x100000 < 0x2b7a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Unpacked PE file: 0.2.Y4svWfRK1L.exe.490000.0.unpack :EW;.rsrc :W;.idata :W;usrpfwau:EW;lmyxlnnn:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;usrpfwau:EW;lmyxlnnn:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: Y4svWfRK1L.exe

Static PE information: real checksum: 0x2ea7e4 should be: 0x2e2a3a

Source: Y4svWfRK1L.exe	Static PE information: section name:
Source: Y4svWfRK1L.exe	Static PE information: section name: .rsrc
Source: Y4svWfRK1L.exe	Static PE information: section name: .idata
Source: Y4svWfRK1L.exe	Static PE information: section name: usrpfwau
Source: Y4svWfRK1L.exe	Static PE information: section name: lmyxlnnn
Source: Y4svWfRK1L.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E976D push edi; mov dword ptr [esp], ecx	0_2_004E977C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E976D push 13A461C3h; mov dword ptr [esp], eax	0_2_004E9A58
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E704E push edi; mov dword ptr [esp], ebx	0_2_004E70DF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E704C push edi; mov dword ptr [esp], ecx	0_2_004E706A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004C7069 push es; retf	0_2_004C7074
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E7063 push edi; mov dword ptr [esp], ecx	0_2_004E706A
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006F505D push 4FAE7E13h; mov dword ptr [esp], edi	0_2_006F50CE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006F505D push ebp; mov dword ptr [esp], edx	0_2_006F510B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EE02A push ebp; mov dword ptr [esp], 77BFA21Dh	0_2_004EE041
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E70C9 push edi; mov dword ptr [esp], ebx	0_2_004E70DF
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC0DE push esi; mov dword ptr [esp], esp	0_2_004EF00B
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC0DE push ecx; mov dword ptr [esp], 64766943h	0_2_004EF1B4
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC0D6 push 565E6DFFh; mov dword ptr [esp], edx	0_2_004ED88C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC0D6 push ebx; mov dword ptr [esp], 00000000h	0_2_004ED890
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_007120CC push 1C331541h; mov dword ptr [esp], ebp	0_2_007120ED
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006D40A1 push 252E8359h; mov dword ptr [esp], eax	0_2_006D40A9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006D40A1 push 0063C540h; mov dword ptr [esp], edi	0_2_006D40D4
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006D40A1 push eax; mov dword ptr [esp], ebx	0_2_006D4102
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_007410AF push ecx; mov dword ptr [esp], eax	0_2_0074113C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006E4098 push 6010AABCh; mov dword ptr [esp], esi	0_2_006E40B9
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006E4098 push ebx; mov dword ptr [esp], ecx	0_2_006E40DD
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EA142 push 6DD483BCh; mov dword ptr [esp], edx	0_2_004EA148
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EE17B push ebp; mov dword ptr [esp], edi	0_2_004EE17E
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004E710E push edx; mov dword ptr [esp], eax	0_2_004E7BC7
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC10A push ecx; mov dword ptr [esp], esp	0_2_004EC10C
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_0070710A push ebp; mov dword ptr [esp], esp	0_2_00707139
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC132 push eax; mov dword ptr [esp], ebp	0_2_004EC142
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EE1C4 push eax; mov dword ptr [esp], edx	0_2_004EED80
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004EC1D2 push ecx; mov dword ptr [esp], 5FFDA0C7h	0_2_004EC1D8
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_004ED19E push edx; mov dword ptr [esp], 00000000h	0_2_004ED465
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Code function: 0_2_006AD1B3 push edi; mov dword ptr [esp], esi	0_2_006AD200

Source: Y4svWfRK1L.exe

Static PE information: section name: entropy: 7.977999914041252

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67FC4E second address: 67FC59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6656E1 second address: 6656E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6656E6 second address: 6656EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6656EC second address: 6656F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EBA8 second address: 67EBAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EBAC second address: 67EBB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EBB2 second address: 67EBBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD9C0F4F5F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67ECFF second address: 67ED1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FD9C0C55406h 0x0000000f jmp 00007FD9C0C5540Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67ED1C second address: 67ED38 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jne 00007FD9C0F4F60Ch 0x0000000d jnc 00007FD9C0F4F5FCh 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EE69 second address: 67EE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EE6D second address: 67EE71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EE71 second address: 67EE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67EE79 second address: 67EEC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FAh 0x00000007 push ebx 0x00000008 jbe 00007FD9C0F4F5F6h 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007FD9C0F4F603h 0x00000017 jmp 00007FD9C0F4F607h 0x0000001c jmp 00007FD9C0F4F5FAh 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67F026 second address: 67F030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD9C0C55406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6822E2 second address: 68235F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jng 00007FD9C0F4F5FCh 0x00000011 jno 00007FD9C0F4F5FCh 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007FD9C0F4F5F8h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D1EBFh], edx 0x00000039 push 00000000h 0x0000003b and esi, 6CDA480Eh 0x00000041 push 6A2A236Eh 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007FD9C0F4F608h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 68235F second address: 682413 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD9C0C55408h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 6A2A23EEh 0x00000011 jmp 00007FD9C0C55413h 0x00000016 push 00000003h 0x00000018 jp 00007FD9C0C5540Bh 0x0000001e xor dx, AD75h 0x00000023 push 00000000h 0x00000025 and edx, dword ptr [ebp+122D2199h] 0x0000002b push 00000003h 0x0000002d mov cx, 29F2h 0x00000031 push C3C052A0h 0x00000036 jmp 00007FD9C0C5540Ah 0x0000003b xor dword ptr [esp], 03C052A0h 0x00000042 push 00000000h 0x00000044 push edx 0x00000045 call 00007FD9C0C55408h 0x0000004a pop edx 0x0000004b mov dword ptr [esp+04h], edx 0x0000004f add dword ptr [esp+04h], 0000001Dh 0x00000057 inc edx 0x00000058 push edx 0x00000059 ret 0x0000005a pop edx 0x0000005b ret 0x0000005c jnp 00007FD9C0C5540Ch 0x00000062 lea ebx, dword ptr [ebp+1246D093h] 0x00000068 jp 00007FD9C0C5541Fh 0x0000006e jmp 00007FD9C0C55419h 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push esi 0x00000078 pop esi 0x00000079 pop eax 0x0000007a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 682545 second address: 682564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9C0F4F608h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 682564 second address: 682568 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 693074 second address: 69307A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 69307A second address: 693084 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD9C0C5540Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 693084 second address: 69309B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FD9C0F4F5FBh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 69309B second address: 69309F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A2686 second address: 6A26AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD9C0F4F5F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FD9C0F4F5FAh 0x00000013 jmp 00007FD9C0F4F601h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A0809 second address: 6A0836 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55417h 0x00000007 jne 00007FD9C0C55406h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD9C0C5540Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A0DE2 second address: 6A0DE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A0DE8 second address: 6A0DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A0DEC second address: 6A0DF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A0F41 second address: 6A0F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A0F49 second address: 6A0F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A10BC second address: 6A10C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A10C0 second address: 6A10E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD9C0F4F607h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A10E0 second address: 6A1113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0C55416h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FD9C0C55414h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A1113 second address: 6A1129 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD9C0F4F5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jng 00007FD9C0F4F616h 0x00000011 pushad 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A1129 second address: 6A112F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A22B5 second address: 6A22C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD9C0F4F5F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A4B93 second address: 6A4B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A6056 second address: 6A6060 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FD9C0F4F5F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6A6060 second address: 6A6066 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 671204 second address: 67122C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F601h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e jns 00007FD9C0F4F5FEh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67122C second address: 671231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 671231 second address: 67124F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F602h 0x00000009 jo 00007FD9C0F4F5F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67124F second address: 67125A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67125A second address: 67125E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 67125E second address: 671286 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FD9C0C55410h 0x00000010 jl 00007FD9C0C5540Eh 0x00000016 pushad 0x00000017 popad 0x00000018 js 00007FD9C0C55406h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 671286 second address: 6712A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD9C0F4F606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6712A1 second address: 6712B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0C5540Bh 0x00000009 popad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6712B4 second address: 6712BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AC677 second address: 6AC67F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AC67F second address: 6AC69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9C0F4F603h 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6ACA4B second address: 6ACA4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6ACA4F second address: 6ACA55 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6ACA55 second address: 6ACA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD9C0C5540Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6ACA6A second address: 6ACA8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FCh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnl 00007FD9C0F4F5F6h 0x00000012 js 00007FD9C0F4F5F6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6ACA8C second address: 6ACAB8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FD9C0C55410h 0x00000008 jmp 00007FD9C0C55415h 0x0000000d pop ecx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6ACD72 second address: 6ACD7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FD9C0F4F5F6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AFC29 second address: 6AFC34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B00AF second address: 6B00B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B00B4 second address: 6B00B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B08B8 second address: 6B08BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B08BC second address: 6B08C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B0936 second address: 6B093C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B093C second address: 6B095E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD9C0C55417h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B0CE5 second address: 6B0CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B0CEA second address: 6B0CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B0DAF second address: 6B0DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B1C93 second address: 6B1C9D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD9C0C55406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B3A8F second address: 6B3AA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B4574 second address: 6B45BB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD9C0C5540Dh 0x0000000e nop 0x0000000f mov esi, edi 0x00000011 push 00000000h 0x00000013 xor si, 589Ah 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007FD9C0C55408h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 mov edi, eax 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B4327 second address: 6B432B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B45BB second address: 6B45BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B45BF second address: 6B45C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B45C3 second address: 6B45D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD9C0C5540Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B5079 second address: 6B50AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD9C0F4F5FBh 0x00000008 ja 00007FD9C0F4F5F6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD9C0F4F607h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6B50AA second address: 6B50B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6BD999 second address: 6BD99E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6BBC95 second address: 6BBC9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6BD99E second address: 6BD9A3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C0E82 second address: 6C0E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6BF10D second address: 6BF112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6BF112 second address: 6BF128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0C55412h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6BF128 second address: 6BF166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov bx, 1365h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov dword ptr fs:[00000000h], esp 0x0000001d sub dword ptr [ebp+124665C6h], ecx 0x00000023 mov eax, dword ptr [ebp+122D0F1Dh] 0x00000029 movzx edi, si 0x0000002c push FFFFFFFFh 0x0000002e or edi, dword ptr [ebp+122D2EC7h] 0x00000034 nop 0x00000035 push ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 jnc 00007FD9C0F4F5F6h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C13B4 second address: 6C13B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C13B8 second address: 6C13C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C1576 second address: 6C1580 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FD9C0C55406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C2527 second address: 6C2534 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD9C0F4F5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C1580 second address: 6C1584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C33A1 second address: 6C33B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F604h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C2534 second address: 6C2550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0C5540Fh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C33B9 second address: 6C33C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C2550 second address: 6C2555 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C1646 second address: 6C1665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9C0F4F608h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C1665 second address: 6C1672 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C1672 second address: 6C1676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C42E7 second address: 6C42EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C358D second address: 6C3597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C42EB second address: 6C42F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C42F1 second address: 6C42F6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C42F6 second address: 6C4312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FD9C0C5540Eh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C7435 second address: 6C74AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD9C0F4F605h 0x0000000e pop edx 0x0000000f nop 0x00000010 adc bx, F5E1h 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FD9C0F4F5F8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov bh, 83h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007FD9C0F4F5F8h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f xchg eax, esi 0x00000050 push eax 0x00000051 push edx 0x00000052 jo 00007FD9C0F4F5FCh 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C74AE second address: 6C74B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C6738 second address: 6C6746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0F4F5FAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C5570 second address: 6C5617 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD9C0C55408h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FD9C0C55408h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 adc bx, 657Dh 0x0000002c jmp 00007FD9C0C55419h 0x00000031 push dword ptr fs:[00000000h] 0x00000038 or di, 6D86h 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov edi, ebx 0x00000046 mov eax, dword ptr [ebp+122D07B1h] 0x0000004c js 00007FD9C0C55406h 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push esi 0x00000057 call 00007FD9C0C55408h 0x0000005c pop esi 0x0000005d mov dword ptr [esp+04h], esi 0x00000061 add dword ptr [esp+04h], 0000001Bh 0x00000069 inc esi 0x0000006a push esi 0x0000006b ret 0x0000006c pop esi 0x0000006d ret 0x0000006e mov ebx, dword ptr [ebp+122D3072h] 0x00000074 push eax 0x00000075 push eax 0x00000076 push edx 0x00000077 jmp 00007FD9C0C5540Eh 0x0000007c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C84E2 second address: 6C84F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jng 00007FD9C0F4F604h 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C84F2 second address: 6C84F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C7668 second address: 6C7684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0F4F608h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C946D second address: 6C9473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C9473 second address: 6C94BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov ebx, 50635C83h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FD9C0F4F5F8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D2859h], edx 0x0000002e push 00000000h 0x00000030 or dword ptr [ebp+122D1CDFh], ecx 0x00000036 push eax 0x00000037 push esi 0x00000038 pushad 0x00000039 jnc 00007FD9C0F4F5F6h 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6C871D second address: 6C8721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CB60A second address: 6CB651 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FD9C0F4F5F8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 jmp 00007FD9C0F4F5FEh 0x00000029 push 00000000h 0x0000002b mov edi, dword ptr [ebp+122D22E8h] 0x00000031 xchg eax, esi 0x00000032 push eax 0x00000033 push edx 0x00000034 jne 00007FD9C0F4F5F8h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CB651 second address: 6CB67D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55414h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d jmp 00007FD9C0C5540Fh 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CC601 second address: 6CC605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CC605 second address: 6CC61F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD9C0C55412h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CC61F second address: 6CC623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CC7B0 second address: 6CC83A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FD9C0C55408h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 movzx edi, bx 0x00000026 push dword ptr fs:[00000000h] 0x0000002d jmp 00007FD9C0C5540Ch 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 or edi, dword ptr [ebp+122D39E7h] 0x0000003f mov eax, dword ptr [ebp+122D12B5h] 0x00000045 add ebx, dword ptr [ebp+122D2E6Fh] 0x0000004b push FFFFFFFFh 0x0000004d push 00000000h 0x0000004f push ebp 0x00000050 call 00007FD9C0C55408h 0x00000055 pop ebp 0x00000056 mov dword ptr [esp+04h], ebp 0x0000005a add dword ptr [esp+04h], 0000001Bh 0x00000062 inc ebp 0x00000063 push ebp 0x00000064 ret 0x00000065 pop ebp 0x00000066 ret 0x00000067 nop 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b pushad 0x0000006c popad 0x0000006d pushad 0x0000006e popad 0x0000006f popad 0x00000070 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6CE77A second address: 6CE77F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6D45E9 second address: 6D45F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6D3EAE second address: 6D3EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6D3EB2 second address: 6D3EB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6D4008 second address: 6D4020 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD9C0F4F5FEh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 677F28 second address: 677F2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DA041 second address: 6DA08E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FD9C0F4F607h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007FD9C0F4F609h 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 pop edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DA08E second address: 6DA094 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DA094 second address: 6DA0C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FD9C0F4F5F6h 0x00000009 jmp 00007FD9C0F4F607h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DA0C1 second address: 6DA0C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DA0C5 second address: 6DA0CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF903 second address: 6DF90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF90C second address: 6DF92A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F604h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF92A second address: 6DF955 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55412h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FD9C0C55408h 0x00000014 jnl 00007FD9C0C55408h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF955 second address: 6DF965 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9C0F4F602h 0x00000008 jg 00007FD9C0F4F5F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DEC21 second address: 6DEC30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FD9C0C5540Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DEDA0 second address: 6DEDA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DEDA5 second address: 6DEDDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD9C0C55419h 0x00000008 jmp 00007FD9C0C5540Ah 0x0000000d jp 00007FD9C0C55406h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DEDDB second address: 6DEDFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD9C0F4F607h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DEDFA second address: 6DEE2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55414h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD9C0C55415h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DEF38 second address: 6DEF66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD9C0F4F5FAh 0x00000010 jmp 00007FD9C0F4F609h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF267 second address: 6DF26B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF26B second address: 6DF271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF3FD second address: 6DF40D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0C5540Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6DF54B second address: 6DF54F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E4881 second address: 6E48A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD9C0C55418h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E48A2 second address: 6E48A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE4E3 second address: 6AE4E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE4E7 second address: 6AE4F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE4F2 second address: 6AE506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9C0C5540Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE506 second address: 6AE50A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE66B second address: 6AE670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE788 second address: 6AE78D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE78D second address: 6AE793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AE9F3 second address: 6AE9F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEB03 second address: 6AEB1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55418h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEB1F second address: 6AEB25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEC2D second address: 6AEC32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEC32 second address: 6AEC42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEC42 second address: 6AEC49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEC49 second address: 6AEC67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e je 00007FD9C0F4F5F8h 0x00000014 push esi 0x00000015 pop esi 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AEC67 second address: 6AECBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0C55418h 0x00000009 popad 0x0000000a popad 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007FD9C0C55408h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov edi, dword ptr [ebp+122D2CCBh] 0x0000002c push 9881B845h 0x00000031 push eax 0x00000032 push edx 0x00000033 push edi 0x00000034 push esi 0x00000035 pop esi 0x00000036 pop edi 0x00000037 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF0BB second address: 6AF0BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF55B second address: 6AF58D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD9C0C5540Ch 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD9C0C55417h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF58D second address: 6AF591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF6F6 second address: 6AF6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3A42 second address: 6E3A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3BBB second address: 6E3BBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3BBF second address: 6E3BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F5FBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3BD0 second address: 6E3BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3BD5 second address: 6E3BDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3BDB second address: 6E3C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD9C0C55406h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007FD9C0C55408h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FD9C0C55410h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3C04 second address: 6E3C21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3C21 second address: 6E3C26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E3C26 second address: 6E3C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F607h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E4123 second address: 6E412F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E412F second address: 6E413A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD9C0F4F5F6h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E413A second address: 6E413F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E42A4 second address: 6E42B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0F4F5FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E8E4E second address: 6E8E6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD9C0C55416h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E9566 second address: 6E956C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E97E7 second address: 6E97ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E97ED second address: 6E9801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FD9C0F4F5FAh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E9801 second address: 6E9811 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnp 00007FD9C0C55406h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E9811 second address: 6E9815 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E9959 second address: 6E996B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 jl 00007FD9C0C5540Eh 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E9D36 second address: 6E9D43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FD9C0F4F5F6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6E87AA second address: 6E87C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C5540Ah 0x00000007 pushad 0x00000008 jns 00007FD9C0C55406h 0x0000000e jp 00007FD9C0C55406h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6EDDD0 second address: 6EDDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F6246 second address: 6F6268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55416h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FD9C0C55406h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F6268 second address: 6F6298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FAh 0x00000007 jg 00007FD9C0F4F5F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FD9C0F4F601h 0x00000015 jnp 00007FD9C0F4F5F6h 0x0000001b popad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 667159 second address: 667177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0C55414h 0x00000009 jg 00007FD9C0C55406h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 667177 second address: 66717B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5163 second address: 6F51A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD9C0C55406h 0x0000000a pop eax 0x0000000b jns 00007FD9C0C5541Ah 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jns 00007FD9C0C5540Eh 0x0000001a jmp 00007FD9C0C5540Bh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F51A4 second address: 6F51DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FD9C0F4F605h 0x00000008 jmp 00007FD9C0F4F608h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F52FB second address: 6F5305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD9C0C55406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5305 second address: 6F5309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5309 second address: 6F5323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD9C0C5540Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5323 second address: 6F5327 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F573E second address: 6F5749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5749 second address: 6F574D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5B4F second address: 6F5B61 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9C0C55408h 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FD9C0C55406h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5CBB second address: 6F5CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F5CC4 second address: 6F5CC9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6F82F0 second address: 6F82F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6FB43C second address: 6FB46C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FD9C0C55406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 push ecx 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop ecx 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FD9C0C55417h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6FB46C second address: 6FB472 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6FB472 second address: 6FB476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66F82B second address: 66F834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6FB02C second address: 6FB030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6FB030 second address: 6FB034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6FCA35 second address: 6FCA3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 663B54 second address: 663B5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 663B5A second address: 663B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD9C0C55411h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700970 second address: 70098C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD9C0F4F603h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700AE1 second address: 700AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700AE7 second address: 700B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD9C0F4F5F6h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FD9C0F4F5FDh 0x00000011 pushad 0x00000012 popad 0x00000013 push esi 0x00000014 pop esi 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 popad 0x00000018 jl 00007FD9C0F4F60Ah 0x0000001e jmp 00007FD9C0F4F604h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jc 00007FD9C0F4F5FCh 0x0000002c ja 00007FD9C0F4F5F6h 0x00000032 jmp 00007FD9C0F4F5FFh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700B3F second address: 700B56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FD9C0C55412h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700B56 second address: 700B61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700DE9 second address: 700E27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C5540Ah 0x00000007 jg 00007FD9C0C55406h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007FD9C0C5540Ah 0x00000015 pop eax 0x00000016 jmp 00007FD9C0C55418h 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700E27 second address: 700E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD9C0F4F5F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 700E31 second address: 700E35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 707D9D second address: 707DA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 707DA1 second address: 707DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 707DA5 second address: 707DAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70674B second address: 706754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 706754 second address: 706759 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 706759 second address: 706784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FD9C0C5542Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007FD9C0C55406h 0x00000017 jmp 00007FD9C0C55414h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 706A7E second address: 706A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD9C0F4F603h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF2FE second address: 6AF303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF303 second address: 6AF361 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD9C0F4F608h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov ecx, eax 0x00000010 push 00000004h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FD9C0F4F5F8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c xor dword ptr [ebp+122D2BD6h], ecx 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FD9C0F4F602h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 6AF361 second address: 6AF37D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C5540Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FD9C0C55406h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 706F1D second address: 706F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 706F26 second address: 706F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70A625 second address: 70A629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70A629 second address: 70A645 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD9C0C5540Eh 0x0000000d je 00007FD9C0C55406h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70A645 second address: 70A64F instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD9C0F4F5F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70A64F second address: 70A655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70A655 second address: 70A667 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 70A667 second address: 70A66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71226E second address: 712279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 712279 second address: 71227D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71227D second address: 712281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 712281 second address: 712287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7102B9 second address: 7102E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F604h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD9C0F4F601h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 710462 second address: 710466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 710466 second address: 71046A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71046A second address: 710474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7108F4 second address: 7108FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7108FA second address: 710900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 710900 second address: 71090A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 710EAA second address: 710EB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 710EB1 second address: 710ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 jmp 00007FD9C0F4F605h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7111ED second address: 7111F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7111F3 second address: 7111F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7111F7 second address: 7111FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71175A second address: 71175E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71175E second address: 711764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716FE0 second address: 716FF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F602h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716FF7 second address: 716FFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716FFD second address: 717016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F605h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7161B9 second address: 7161C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716305 second address: 71631D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD9C0F4F5FEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71631D second address: 716321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716321 second address: 716327 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716497 second address: 7164AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD9C0C55406h 0x0000000a jnp 00007FD9C0C55406h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7164AC second address: 7164C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FD9C0F4F5F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jc 00007FD9C0F4F5F6h 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716910 second address: 716916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716A33 second address: 716A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716D04 second address: 716D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716D0A second address: 716D0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716D0E second address: 716D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716D12 second address: 716D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716D1E second address: 716D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 716D22 second address: 716D26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 71B669 second address: 71B675 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD9C0C55406h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 72484E second address: 724853 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 724853 second address: 72485F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD9C0C55406h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 722E17 second address: 722E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 722E1D second address: 722E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jnp 00007FD9C0C55406h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 722E2B second address: 722E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7232EC second address: 723306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD9C0C55406h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FD9C0C5540Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 723306 second address: 72330B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7235FB second address: 723600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 723600 second address: 723607 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 729D80 second address: 729D86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 736DD5 second address: 736DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 739B7D second address: 739B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 739B88 second address: 739B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 73CC2D second address: 73CC31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A6C2 second address: 66A6C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A6C8 second address: 66A6CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A6CE second address: 66A6D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A6D4 second address: 66A6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007FD9C0C55406h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A6E4 second address: 66A6FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F5FAh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A6FC second address: 66A70A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FD9C0C55408h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A70A second address: 66A712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A712 second address: 66A716 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A716 second address: 66A72A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FD9C0F4F5F6h 0x0000000e js 00007FD9C0F4F5F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 66A72A second address: 66A72E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 749AC5 second address: 749AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 749AC9 second address: 749ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 749ACD second address: 749AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F608h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 749AEB second address: 749B37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007FD9C0C55406h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FD9C0C5540Eh 0x00000012 popad 0x00000013 jmp 00007FD9C0C55415h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jmp 00007FD9C0C5540Ch 0x00000022 pushad 0x00000023 popad 0x00000024 pushad 0x00000025 popad 0x00000026 push ebx 0x00000027 pop ebx 0x00000028 popad 0x00000029 push ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 749B37 second address: 749B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 749B3C second address: 749B43 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 751048 second address: 751060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007FD9C0F4F5FEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FAB9 second address: 74FAC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FD9C0C5540Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FAC7 second address: 74FACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FACE second address: 74FAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FC4C second address: 74FC60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0F4F5FEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FC60 second address: 74FC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FDB1 second address: 74FDC2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FD9C0F4F5FBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FF29 second address: 74FF39 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD9C0C55406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 74FF39 second address: 74FF3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 750346 second address: 75034C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 75034C second address: 750358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jg 00007FD9C0F4F5F6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 750358 second address: 75037C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55418h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007FD9C0C5540Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 754A26 second address: 754A31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7561F1 second address: 756211 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FD9C0C55406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD9C0C55410h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 756211 second address: 756217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 756217 second address: 756229 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9C0C55406h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 756229 second address: 75622F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 75622F second address: 75623E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 js 00007FD9C0C55406h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 75623E second address: 756244 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7560A4 second address: 7560A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7560A9 second address: 7560B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7560B1 second address: 7560B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7604A1 second address: 7604D0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD9C0F4F609h 0x00000008 jbe 00007FD9C0F4F5F8h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007FD9C0F4F5F8h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 765E4F second address: 765E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0C55410h 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 765E6A second address: 765E9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FD9C0F4F5FFh 0x0000000b pushad 0x0000000c jmp 00007FD9C0F4F604h 0x00000011 jg 00007FD9C0F4F5F6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 765E9C second address: 765EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FD9C0C5540Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 765EB1 second address: 765EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7743B5 second address: 7743BB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7743BB second address: 7743CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007FD9C0F4F5F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7743CB second address: 7743EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C5540Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FD9C0C5540Eh 0x0000000f jl 00007FD9C0C55406h 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7743EB second address: 7743F0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 774276 second address: 77427A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 77616C second address: 7761B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F604h 0x00000007 jng 00007FD9C0F4F5F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FD9C0F4F5FFh 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jmp 00007FD9C0F4F606h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7761B3 second address: 7761BD instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9C0C55406h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78AEFD second address: 78AF16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD9C0F4F603h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78AF16 second address: 78AF1B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78AF1B second address: 78AF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B076 second address: 78B07A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B337 second address: 78B352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0F4F607h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B352 second address: 78B358 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B358 second address: 78B361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B361 second address: 78B389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD9C0C55406h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push edx 0x0000000e jno 00007FD9C0C55406h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FD9C0C55411h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B638 second address: 78B63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B63D second address: 78B643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B643 second address: 78B64D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD9C0F4F5F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B93F second address: 78B944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78B944 second address: 78B955 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD9C0F4F5F8h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78BAC6 second address: 78BADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9C0C5540Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78BADA second address: 78BAE8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007FD9C0F4F5F6h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78BAE8 second address: 78BAEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 78BC28 second address: 78BC51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007FD9C0F4F609h 0x0000000a pop ecx 0x0000000b pop ecx 0x0000000c jnp 00007FD9C0F4F616h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 790211 second address: 790217 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 7904FD second address: 790503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 790503 second address: 790507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 790507 second address: 790567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0F4F608h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f js 00007FD9C0F4F603h 0x00000015 push edx 0x00000016 jmp 00007FD9C0F4F5FBh 0x0000001b pop edx 0x0000001c mov eax, dword ptr [eax] 0x0000001e pushad 0x0000001f jmp 00007FD9C0F4F5FCh 0x00000024 jo 00007FD9C0F4F601h 0x0000002a jmp 00007FD9C0F4F5FBh 0x0000002f popad 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push ebx 0x00000038 pop ebx 0x00000039 pop eax 0x0000003a rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D23 second address: 791D35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9C0C5540Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D35 second address: 791D43 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D43 second address: 791D5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9C0C55413h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D5A second address: 791D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD9C0F4F608h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D7E second address: 791D82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D82 second address: 791D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	RDTSC instruction interceptor: First address: 791D8A second address: 791DA7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FD9C0C55415h 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Special instruction interceptor: First address: 4E637E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Special instruction interceptor: First address: 6CE7D2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Special instruction interceptor: First address: 4E8D3D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Special instruction interceptor: First address: 6AE6E9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Special instruction interceptor: First address: 72C3E2 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Code function: 0_2_004E9040 rdtsc

0_2_004E9040

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe TID: 7404	Thread sleep time: -90000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe TID: 7404	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: Y4svWfRK1L.exe, Y4svWfRK1L.exe, 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Y4svWfRK1L.exe, 00000000.00000002.1768308675.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW U
Source: Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Y4svWfRK1L.exe, 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	File opened: NTICE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	File opened: SICE
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Y4svWfRK1L.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Code function: 0_2_004E9040 rdtsc

0_2_004E9040

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Code function: 0_2_004CE110 LdrInitializeThunk,

0_2_004CE110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: Y4svWfRK1L.exe	String found in binary or memory: bashfulacid.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: tentabatte.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: curverpluch.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: talkynicer.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: shapestickyr.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: manyrestro.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: slipperyloo.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: wordyfindy.lat
Source: Y4svWfRK1L.exe	String found in binary or memory: observerfry.lat

Source: Y4svWfRK1L.exe, Y4svWfRK1L.exe, 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: aProgram Manager

Source: C:\Users\user\Desktop\Y4svWfRK1L.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Y4svWfRK1L.exe	68%	ReversingLabs	Win32.Infostealer.Tinba
Y4svWfRK1L.exe	54%	Virustotal		Browse
Y4svWfRK1L.exe	100%	Avira	TR/Crypt.TPM.Gen
Y4svWfRK1L.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://lev-tolstoi.com/piL	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/piD	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/apiJ	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/piE	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/E	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	false	high
lev-tolstoi.com	172.67.157.254	true	false	high
wordyfindy.lat	unknown	unknown	false	high
slipperyloo.lat	unknown	unknown	false	high
curverpluch.lat	unknown	unknown	false	high
tentabatte.lat	unknown	unknown	false	high
manyrestro.lat	unknown	unknown	false	high
bashfulacid.lat	unknown	unknown	false	high
shapestickyr.lat	unknown	unknown	false	high
observerfry.lat	unknown	unknown	false	high
talkynicer.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
slipperyloo.lat	false	high
curverpluch.lat	false	high
tentabatte.lat	false	high
manyrestro.lat	false	high
bashfulacid.lat	false	high
observerfry.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
wordyfindy.lat	false	high
shapestickyr.lat	false	high
talkynicer.lat	false	high
https://lev-tolstoi.com/api	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/piL	Y4svWfRK1L.exe, 00000000.00000002.1768308675.0000000000D02000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://help.steampowered.com/en/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/news/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/subscriber_agreement/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/subscriber_agreement/	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.valvesoftware.com/legal.htm	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/discussions/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/steam_refunds/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/piD	Y4svWfRK1L.exe, 00000000.00000002.1768308675.0000000000D02000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://lev-tolstoi.com/piE	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768443837.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754626317.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767142790.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/apiJ	Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/privacy_agreement/	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/points/shop/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/	Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/E	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/inventory/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768443837.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754626317.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767142790.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/account/cookiepreferences/	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768443837.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754626317.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767142790.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/mobile	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/	Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/pi	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/badges	Y4svWfRK1L.exe, 00000000.00000003.1754596470.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754536689.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000002.1768457885.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1767116865.0000000000D32000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754521867.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp, Y4svWfRK1L.exe, 00000000.00000003.1754566576.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.157.254	lev-tolstoi.com	United States		13335	CLOUDFLARENETUS	false
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580921
Start date and time:	2024-12-26 13:12:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Y4svWfRK1L.exe renamed because original name is a hash value
Original Sample Name:	ce1ebe1f0dd4d6d5866d0917439c24a0.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@11/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Excluded IPs from analysis (whitelisted): 4.175.87.197
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:13:31	API Interceptor	6x Sleep call for process: Y4svWfRK1L.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.157.254	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse
	3zg6i6Zu1u.exe	Get hash	malicious	LummaC	Browse
	L5Kgf2Tvkc.exe	Get hash	malicious	LummaC	Browse
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse
104.102.49.254	r4xiHKy8aM.exe	Get hash	malicious	Socks5Systemz	Browse	/ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
lev-tolstoi.com	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
steamcommunity.com	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ghumRvJGY9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	setup.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.165.185
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	P0SJULJxI0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	b0ho5YYSdo.exe	Get hash	malicious	LummaC	Browse	104.21.66.113
AKAMAI-ASUS	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ghumRvJGY9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	104.121.10.34
	Google Authenticator You're trying to sign in from a new location.msg	Get hash	malicious	Unknown	Browse	2.19.198.51
	xd.arm7.elf	Get hash	malicious	Mirai	Browse	23.41.55.10
	xd.x86.elf	Get hash	malicious	Mirai	Browse	23.64.163.184
	xd.sh4.elf	Get hash	malicious	Mirai	Browse	23.194.143.78
	telnet.ppc.elf	Get hash	malicious	Unknown	Browse	104.116.58.253

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	ghumRvJGY9.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.505573895411488
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Y4svWfRK1L.exe
File size:	3'020'288 bytes
MD5:	ce1ebe1f0dd4d6d5866d0917439c24a0
SHA1:	4800104f6e2984849ea41d0fb307336511b7b4c4
SHA256:	89d52483511cad269996b2e1dbe87c958bdbd4b5567e7d8cad0abbcf710f839a
SHA512:	fc69ff5c7861852ab1cccfe0bc4b8205d95db30f31d230f6ef0755244dd64e7db0af9d4f7f23f54673582187efce4989b57476e467460827151a3cdfe1362e8d
SSDEEP:	49152:l7zQaQ8YdgL3tBqSQLmRVro/M//rbj5aP:eF8YdgLDqJL8ro/83d4
TLSH:	52E54A62B405B5CBE4CA1BBC9427CE87595D47BB57200CC3A9AD78BE7E63CC211B5C28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................0...........@...........................1...........@.................................Y@..m..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x70e000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD9C0976EAAh
pmuludq mm5, qword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	8b82e25207ec9c07ecf0c8522c9488da	False	0.9995340584150327	DOS executable (COM)	7.977999914041252	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
usrpfwau	0x55000	0x2b8000	0x2b7a00	912c1f6e92a36c55b508a94384784506	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lmyxlnnn	0x30d000	0x1000	0x400	37eed05a848b6fbf5f3dd958a5a18665	False	0.830078125	data	6.399656284078322	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x30e000	0x3000	0x2200	fac0d705e24c3d0c6d47d2f8977d4052	False	0.06353400735294118	DOS executable (COM)	0.7824555724333209	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T13:13:31.990402+0100	2058514	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)	1	192.168.2.4	56045	1.1.1.1	53	UDP
2024-12-26T13:13:32.171129+0100	2058502	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)	1	192.168.2.4	57210	1.1.1.1	53	UDP
2024-12-26T13:13:32.318950+0100	2058492	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)	1	192.168.2.4	53640	1.1.1.1	53	UDP
2024-12-26T13:13:32.458738+0100	2058500	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)	1	192.168.2.4	55070	1.1.1.1	53	UDP
2024-12-26T13:13:32.599896+0100	2058510	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)	1	192.168.2.4	61021	1.1.1.1	53	UDP
2024-12-26T13:13:32.744671+0100	2058484	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)	1	192.168.2.4	64860	1.1.1.1	53	UDP
2024-12-26T13:13:32.885219+0100	2058512	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)	1	192.168.2.4	58429	1.1.1.1	53	UDP
2024-12-26T13:13:33.024548+0100	2058480	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)	1	192.168.2.4	49412	1.1.1.1	53	UDP
2024-12-26T13:13:34.807205+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49730	104.102.49.254	443	TCP
2024-12-26T13:13:36.049226+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49730	104.102.49.254	443	TCP
2024-12-26T13:13:37.735371+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49731	172.67.157.254	443	TCP
2024-12-26T13:13:38.498914+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49731	172.67.157.254	443	TCP
2024-12-26T13:13:38.498914+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49731	172.67.157.254	443	TCP
2024-12-26T13:13:39.753606+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49732	172.67.157.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:13:33.321016073 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:33.321069956 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:33.321151018 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:33.324314117 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:33.324326992 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:34.807068110 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:34.807204962 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:34.826508999 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:34.826541901 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:34.827003002 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:34.877979994 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:35.148618937 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:35.195341110 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049276114 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049313068 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049372911 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049402952 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049431086 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049532890 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.049596071 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.049628019 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.049663067 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.266216040 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.266247988 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.266295910 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.266463041 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.266477108 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.266514063 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.266524076 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.280919075 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.281207085 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.281215906 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.281234980 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.281269073 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.281301975 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.282501936 CET	49730	443	192.168.2.4	104.102.49.254
Dec 26, 2024 13:13:36.282510996 CET	443	49730	104.102.49.254	192.168.2.4
Dec 26, 2024 13:13:36.424938917 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:36.424994946 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:36.425091028 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:36.425479889 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:36.425494909 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:37.735297918 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:37.735371113 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:37.826268911 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:37.826296091 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:37.826639891 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:37.830264091 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:37.830308914 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:37.830373049 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:38.498980045 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:38.499222994 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:38.499289036 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:38.499901056 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:38.499922991 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:38.499936104 CET	49731	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:38.499942064 CET	443	49731	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:38.518929958 CET	49732	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:38.519004107 CET	443	49732	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:38.519083023 CET	49732	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:38.519367933 CET	49732	443	192.168.2.4	172.67.157.254
Dec 26, 2024 13:13:38.519385099 CET	443	49732	172.67.157.254	192.168.2.4
Dec 26, 2024 13:13:39.753606081 CET	49732	443	192.168.2.4	172.67.157.254

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:13:31.796952963 CET	56897	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:31.935266972 CET	53	56897	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:31.990401983 CET	56045	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:32.128562927 CET	53	56045	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:32.171128988 CET	57210	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:32.308757067 CET	53	57210	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:32.318949938 CET	53640	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:32.457176924 CET	53	53640	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:32.458738089 CET	55070	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:32.598196030 CET	53	55070	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:32.599895954 CET	61021	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:32.740422964 CET	53	61021	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:32.744671106 CET	64860	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:32.881886005 CET	53	64860	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:32.885219097 CET	58429	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:33.022830963 CET	53	58429	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:33.024548054 CET	49412	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:33.163460016 CET	53	49412	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:33.164896011 CET	61287	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:33.302934885 CET	53	61287	1.1.1.1	192.168.2.4
Dec 26, 2024 13:13:36.285826921 CET	64884	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:13:36.423090935 CET	53	64884	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 13:13:31.796952963 CET	192.168.2.4	1.1.1.1	0x5aec	Standard query (0)	observerfry.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:31.990401983 CET	192.168.2.4	1.1.1.1	0x7523	Standard query (0)	wordyfindy.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.171128988 CET	192.168.2.4	1.1.1.1	0x8958	Standard query (0)	slipperyloo.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.318949938 CET	192.168.2.4	1.1.1.1	0x2775	Standard query (0)	manyrestro.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.458738089 CET	192.168.2.4	1.1.1.1	0x18f0	Standard query (0)	shapestickyr.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.599895954 CET	192.168.2.4	1.1.1.1	0x1461	Standard query (0)	talkynicer.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.744671106 CET	192.168.2.4	1.1.1.1	0x8fce	Standard query (0)	curverpluch.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.885219097 CET	192.168.2.4	1.1.1.1	0x915c	Standard query (0)	tentabatte.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:33.024548054 CET	192.168.2.4	1.1.1.1	0x377b	Standard query (0)	bashfulacid.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:33.164896011 CET	192.168.2.4	1.1.1.1	0xdd93	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:36.285826921 CET	192.168.2.4	1.1.1.1	0x522a	Standard query (0)	lev-tolstoi.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 13:13:31.935266972 CET	1.1.1.1	192.168.2.4	0x5aec	Name error (3)	observerfry.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.128562927 CET	1.1.1.1	192.168.2.4	0x7523	Name error (3)	wordyfindy.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.308757067 CET	1.1.1.1	192.168.2.4	0x8958	Name error (3)	slipperyloo.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.457176924 CET	1.1.1.1	192.168.2.4	0x2775	Name error (3)	manyrestro.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.598196030 CET	1.1.1.1	192.168.2.4	0x18f0	Name error (3)	shapestickyr.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.740422964 CET	1.1.1.1	192.168.2.4	0x1461	Name error (3)	talkynicer.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:32.881886005 CET	1.1.1.1	192.168.2.4	0x8fce	Name error (3)	curverpluch.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:33.022830963 CET	1.1.1.1	192.168.2.4	0x915c	Name error (3)	tentabatte.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:33.163460016 CET	1.1.1.1	192.168.2.4	0x377b	Name error (3)	bashfulacid.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:33.302934885 CET	1.1.1.1	192.168.2.4	0xdd93	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:36.423090935 CET	1.1.1.1	192.168.2.4	0x522a	No error (0)	lev-tolstoi.com		172.67.157.254	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:13:36.423090935 CET	1.1.1.1	192.168.2.4	0x522a	No error (0)	lev-tolstoi.com		104.21.66.86	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

lev-tolstoi.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.102.49.254	443	7272	C:\Users\user\Desktop\Y4svWfRK1L.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:13:35 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-26 12:13:36 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Dec 2024 12:13:35 GMT Content-Length: 35121 Connection: close Set-Cookie: sessionid=aabee17458191c5c7c6df636; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:13:36 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:13:36 UTC	16384	IN	Data Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09 Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-26 12:13:36 UTC	3768	IN	Data Raw: 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 22 Data Ascii: </div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_name"
2024-12-26 12:13:36 UTC	490	IN	Data Raw: 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 74 Data Ascii: r Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div class="bt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	172.67.157.254	443	7272	C:\Users\user\Desktop\Y4svWfRK1L.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:13:37 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: lev-tolstoi.com
2024-12-26 12:13:37 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 12:13:38 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 12:13:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=s93ggk0912apkff5ckj3ldl8rp; expires=Mon, 21 Apr 2025 06:00:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJecwV7oYOQwbyqG01Wzf8NVZAdAu1LA0uKHmU3ZqzGfqH59YKFuXAtM6XYBwApY6vTg7gPg%2FtpiVNyPaqObG6%2BEuP3c0w4cmlvXOhkq6xUfxVmIwKiXZitmIEDKkydLZDA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80fc689fbf437a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1717&min_rtt=1702&rtt_var=669&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1597374&cwnd=223&unsent_bytes=0&cid=2a40f6acc123d5eb&ts=774&x=0"
2024-12-26 12:13:38 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 12:13:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	07:13:28
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\Y4svWfRK1L.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Y4svWfRK1L.exe"
Imagebase:	0x490000
File size:	3'020'288 bytes
MD5 hash:	CE1EBE1F0DD4D6D5866D0917439C24A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	21.9%
Total number of Nodes:	73
Total number of Limit Nodes:	4

Executed Functions

Function 0049B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

XyR{, xrefs: 0049B2D5
.AtC, xrefs: 0049B249
b6j4, xrefs: 0049B57D
Ym]o, xrefs: 0049B2B7
yQrS, xrefs: 0049B271
D!M#, xrefs: 0049B1F9
Gu@w, xrefs: 0049B2CB
hI2K, xrefs: 0049B25D
S%U', xrefs: 0049B203
zMzO, xrefs: 0049B267
9]_, xrefs: 0049B28F
pE}G, xrefs: 0049B253
Gq\s, xrefs: 0049B2C1
(Y6[, xrefs: 0049B285
k=W?, xrefs: 0049B23F

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: 5c12c8f16c08fb3fb0c152571cf7be847ec002c3dfddfa8b7f93f0c785bd17e7
Instruction ID: 065a41485a50ba9c39efbfcd2defd2492a39162b93e3493d3c9a346744a1e26e
Opcode Fuzzy Hash: 5c12c8f16c08fb3fb0c152571cf7be847ec002c3dfddfa8b7f93f0c785bd17e7
Instruction Fuzzy Hash: FF0267B1201B01DFD724CF25E891B9BBBF1FB45314F008A2DD5AA8BAA0DB34A455CF95

Function 00498600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00498A4B

Part of subcall function 0049B7B0: FreeLibrary.KERNEL32(00498A31), ref: 0049B7B6
Part of subcall function 0049B7B0: FreeLibrary.KERNEL32 ref: 0049B7D7

Strings

}, xrefs: 0049890C
}, xrefs: 00498913
b]u), xrefs: 00498877

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: 85b2ab28cf17a7b25491204e63c4f1881e4aadbaffcbe102128351975500cb14
Instruction ID: 1a83cca20f625b5a705e41c54eace14cfde84ad1cbed87fec6ffb481fb35f10d
Opcode Fuzzy Hash: 85b2ab28cf17a7b25491204e63c4f1881e4aadbaffcbe102128351975500cb14
Instruction Fuzzy Hash: 3AC1F573A187144BC718DF69C84125ABBD6ABC8710F0AC53EA898EB355EA78DC048BC5

Function 004CE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(004D148A,?,00000018,?,?,00000018,?,?,?), ref: 004CE13E

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 004D1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 004D176D

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 872d770ede85474c8a31f7a3dc9d9a3c58470ea9e89ec1fcbb8c621a93c187fd
Instruction ID: e86f6196362147ad88412713ddeead6c26ea35d2da210fe7a3b7e6b60d936b63
Opcode Fuzzy Hash: 872d770ede85474c8a31f7a3dc9d9a3c58470ea9e89ec1fcbb8c621a93c187fd
Instruction Fuzzy Hash: DE312538704304ABE714EA549CA1B3BB395EB84750F18852FF985573B1D738DC50A78A

Function 00498A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: 16d9088a12305d9c3bcd231d7bfc089c1487bb6a6d39ed0461da839531a98af8
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: 6F21C537A627184BD3108E54DCC87917761E7D9328F3E86B8C9249F3D2C97BA91386C4

Function 00499D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00499D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00499E78

Strings

CKR, xrefs: 00499E85

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: LibraryLoad
String ID: CKR
API String ID: 1029625771-460672157
Opcode ID: c486845fa7223eab01775412e417b4a68c552d916168b55b9038391650b51aba
Instruction ID: 89d6c52267f63e773c6c97e82109832f8f4894681fd0a26d2960d1df2b4bd5c8
Opcode Fuzzy Hash: c486845fa7223eab01775412e417b4a68c552d916168b55b9038391650b51aba
Instruction Fuzzy Hash: DB4103B4D003009FEB149F7899D2A5A7F71EB06324F5042AED4902F3E6C635580ACBE6

Function 0049EF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0049F09D

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: be9dfd9e5d029c7b9406ad0328132172c35b11d0bb2d54a82cbbf3db92fa92d4
Instruction ID: d6cef43b7e102d1d2f73558c260400f1cdda59e2f13cb0f441729953d0f96429
Opcode Fuzzy Hash: be9dfd9e5d029c7b9406ad0328132172c35b11d0bb2d54a82cbbf3db92fa92d4
Instruction Fuzzy Hash: A741E8B4910B40AFD370EF3D990B7137EB8AB05250F404B1EF9E6866D4E631A4198BD7

Function 004CE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 004CE0E0

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e602b6d034bcda4399d169f872b0eb8e8c13c5d42529ba8706894ecd651d3956
Instruction ID: f772db04218c6b4ac2a4e38a0d5b3d491f530a43c9b2d493e92bb247808ce3ca
Opcode Fuzzy Hash: e602b6d034bcda4399d169f872b0eb8e8c13c5d42529ba8706894ecd651d3956
Instruction Fuzzy Hash: E5F0A775425121FBC6902F36BD05F573765AFC2710F05043EF40496111DB79D817959A

Function 0049EC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0049ECA3

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: b5b10f1e4f2afcf9e9d9eedd1c5d65e6ebe01ce3781b2f7ec54eecc67bb417a9
Instruction ID: bc21c8e32b0b273cf3c8da06f9a40c75cb7d7546861dbe0d307805139b0524e6
Opcode Fuzzy Hash: b5b10f1e4f2afcf9e9d9eedd1c5d65e6ebe01ce3781b2f7ec54eecc67bb417a9
Instruction Fuzzy Hash: 39E092347DA7827AFA7986149CA3F2522165B42F25E345716B3213E3D4CED43101825C

Function 00499EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00499ED2

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 4f27199528760b5c71d8eeca8e21ae55145e8a8c0ef88c5b65b4e98d0528190a
Instruction ID: 4a3f54532e764820c9e8eac4c70f3796c868046afe2300300c1113454c561ece
Opcode Fuzzy Hash: 4f27199528760b5c71d8eeca8e21ae55145e8a8c0ef88c5b65b4e98d0528190a
Instruction Fuzzy Hash: 9CE02B336426029BE700DB34FC47E493357DB15345705843EE505C1171EE7695209A14

Function 004CC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,004CE0F9), ref: 004CC590

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d06a0cbbca444082e6f6f24ea8fc0ed933249fc19a9b6c68bba9fa5403457594
Instruction ID: 464c34238ee3b77bc5085ea2b8dc0d3651a3c3a6093b3a1a13ddafd3ab76398e
Opcode Fuzzy Hash: d06a0cbbca444082e6f6f24ea8fc0ed933249fc19a9b6c68bba9fa5403457594
Instruction Fuzzy Hash: B2D0C931416122EBCA502F28BC05BD73B599F49220F0708A6B404AA075C669EC91CAD8

Function 004CC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 004CC561

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 209223d6430782bf79a7cb6761606f2861c05cf32acd97a865dcdd1098d47fec
Instruction ID: 374456cd285a87f0d7bffcc4df78277fa1241e76fe915377207c0460dd9759f7
Opcode Fuzzy Hash: 209223d6430782bf79a7cb6761606f2861c05cf32acd97a865dcdd1098d47fec
Instruction Fuzzy Hash: 81A001721841509ADA562B24BD49B847A25AB58721F1242A1F101590B686A198929A88

Function 0049DDBB Relevance: 1.3, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 0049DDC4

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 45e1b4619313d855cf40148ec430ad36275c372a0d7d47c8830eb5c5aabe8603
Instruction ID: a2e1c4b570016b20cea7424d9f31bee13890980edb5dcec55ddfdc531b0d3841
Opcode Fuzzy Hash: 45e1b4619313d855cf40148ec430ad36275c372a0d7d47c8830eb5c5aabe8603
Instruction Fuzzy Hash: 26C0122526A0018BDE48E321A96243B23168B87388314A93B840B8225AEBA4A9029A4D

Function 004E976D Relevance: 1.3, APIs: 1, Instructions: 14memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 004E976F

Memory Dump Source

Source File: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2060230ee2c315aa0af1364c83e5d5d3cb556bc3d62f10c4dfa61db0e906010a
Instruction ID: 960ceac38c0deb9e9c0800a820ed4019368e5f41eb2677c6ca78e4ee078a6ef1
Opcode Fuzzy Hash: 2060230ee2c315aa0af1364c83e5d5d3cb556bc3d62f10c4dfa61db0e906010a
Instruction Fuzzy Hash: 97D05E7800C344DFC3405F2A8840B7EB6F4FF04742F11482EA9C586B90D2796C92EB5B

Non-executed Functions

Function 004A2750 Relevance: 266.3, APIs: 2, Strings: 149, Instructions: 2041COMMON

Download Yara Rule

Strings

-, xrefs: 004A3B7D
B, xrefs: 004A393F
[, xrefs: 004A3C62
., xrefs: 004A3B82
., xrefs: 004A3C5A
m, xrefs: 004A3F89
_, xrefs: 004A3C42
j, xrefs: 004A3413
;, xrefs: 004A2F00
k, xrefs: 004A3CE2
~, xrefs: 004A2D99
5, xrefs: 004A3FB1
:, xrefs: 004A3BDA
F, xrefs: 004A395F
j, xrefs: 004A2F58
g, xrefs: 004A3D02
9, xrefs: 004A3F91
_, xrefs: 004A41E7
%, xrefs: 004A3957
?, xrefs: 004A3F81
\, xrefs: 004A473E
l, xrefs: 004A3987
\, xrefs: 004A41FF
C, xrefs: 004A3C22
@, xrefs: 004A394F
K, xrefs: 004A3BE2
^, xrefs: 004A2D94
l, xrefs: 004A2F48
*, xrefs: 004A2A6C
o, xrefs: 004A3CC2
n, xrefs: 004A2F38
=, xrefs: 004A34D9
a, xrefs: 004A295D
s, xrefs: 004A3DA2
<, xrefs: 004A34C9
u, xrefs: 004A3D72
\, xrefs: 004A464B
i, xrefs: 004A3744
d, xrefs: 004A34B9
", xrefs: 004A4059
_, xrefs: 004A472F
], xrefs: 004A4367
_, xrefs: 004A35FC
J, xrefs: 004A3CDA
D, xrefs: 004A396F
D, xrefs: 004A4578
&, xrefs: 004A29D4
&, xrefs: 004A3C3A
X, xrefs: 004A398F
#, xrefs: 004A4061
^, xrefs: 004A4734
y, xrefs: 004A3D52
=, xrefs: 004A3C0A
%, xrefs: 004A3C4A
{, xrefs: 004A3D62
|, xrefs: 004A3423
o, xrefs: 004A3997
Y, xrefs: 004A3C52
', xrefs: 004A4041
h, xrefs: 004A2F68
d, xrefs: 004A2EF0
], xrefs: 004A4739
A, xrefs: 004A3C12
<, xrefs: 004A336C
^, xrefs: 004A41EF
!, xrefs: 004A4051
_, xrefs: 004A4357
/, xrefs: 004A3B87
7, xrefs: 004A3FC1
q, xrefs: 004A3D92
9, xrefs: 004A3977
], xrefs: 004A360C
2, xrefs: 004A3403
k, xrefs: 004A2F60
?, xrefs: 004A3076
O, xrefs: 004A3D5A
1, xrefs: 004A3FD1
^, xrefs: 004A435F
1, xrefs: 004A3947
0, xrefs: 004A3C1A
_, xrefs: 004A4633
D, xrefs: 004A456B
/, xrefs: 004A3C9A
}, xrefs: 004A3D32
%, xrefs: 004A4031
], xrefs: 004A3C32
f, xrefs: 004A27B6
6, xrefs: 004A2BE4
/, xrefs: 004A3C2A
\, xrefs: 004A39AF
^, xrefs: 004A399F
D, xrefs: 004A4136
8, xrefs: 004A3937
-, xrefs: 004A3FF1
), xrefs: 004A4011
Q, xrefs: 004A3C92
], xrefs: 004A4643
2, xrefs: 004A2B1F
, xrefs: 004A3C6A
Z, xrefs: 004A397F
S, xrefs: 004A3CA2
r, xrefs: 004A3D9A
9, xrefs: 004A3927
<, xrefs: 004A2DA3
+, xrefs: 004A4021
/, xrefs: 004A4001
U, xrefs: 004A3C72
^, xrefs: 004A463B
i, xrefs: 004A3CD2
S, xrefs: 004A3FC9
\, xrefs: 004A4481
N, xrefs: 004A3FE9
_, xrefs: 004A4469
;, xrefs: 004A3FA1
^, xrefs: 004A3604
e, xrefs: 004A3C8A
Y, xrefs: 004A281E
`, xrefs: 004A3588
y, xrefs: 004A34E9
3, xrefs: 004A3BEA
w, xrefs: 004A3D82
m, xrefs: 004A3CB2
L, xrefs: 004A2A71
v, xrefs: 004A3C7A
W, xrefs: 004A3C82
A, xrefs: 004A2F30
;, xrefs: 004A3967
=, xrefs: 004A3F71
X, xrefs: 004A3D4A
R, xrefs: 004A3D8A
V, xrefs: 004A3D7A
\, xrefs: 004A3614
F, xrefs: 004A2F20
E, xrefs: 004A3BF2
3, xrefs: 004A3FE1
K, xrefs: 004A4019
e, xrefs: 004A3CF2
c, xrefs: 004A3D22
E, xrefs: 004A2CB1
^, xrefs: 004A4471
G, xrefs: 004A3C02
L, xrefs: 004A392F
_, xrefs: 004A39A7
], xrefs: 004A4479
\, xrefs: 004A436F
~, xrefs: 004A3433
], xrefs: 004A41F7
a, xrefs: 004A3D12
H, xrefs: 004A2F10

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: $!$"$#$%$%$%$&$&$'$)$*$+$-$-$.$.$/$/$/$/$0$1$1$2$2$3$3$5$6$7$8$9$9$9$:$;$;$;$<$<$<$=$=$=$?$?$@$A$A$B$C$D$D$D$D$E$E$F$F$G$H$J$K$K$L$L$N$O$Q$R$S$S$U$V$W$X$X$Y$Y$Z$[$\$\$\$\$\$\$\$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$`$a$a$c$d$d$e$e$f$g$h$i$i$j$j$k$k$l$l$m$m$n$o$o$q$r$s$u$v$w$y$y${$|$}$~$~
API String ID: 0-1985396431
Opcode ID: e0f7a1b8450a3dc0f88a8fdaedcb6afeb5cf01edb8d1212447902b6b70e084c2
Instruction ID: 9f66883748ec81d13fa309e1248ad2e6253de2763cc9d2f3d70fe8da0fe784b2
Opcode Fuzzy Hash: e0f7a1b8450a3dc0f88a8fdaedcb6afeb5cf01edb8d1212447902b6b70e084c2
Instruction Fuzzy Hash: 8A13BF3150C7C08ED3259B3884443AFBFE1ABE6314F198A6EE4D987382D7B98945CB57

Function 004B42D0 Relevance: 43.1, APIs: 2, Strings: 22, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004B43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004B443E

Strings

<j:h, xrefs: 004B5975
=:, xrefs: 004B57CE
Xs, xrefs: 004B5CD8
ut, xrefs: 004B5CE3
y{, xrefs: 004B5B36
%r?p, xrefs: 004B595F
b`, xrefs: 004B55F9
e>n<, xrefs: 004B588E
N~4|, xrefs: 004B593E
bFK, xrefs: 004B464E
13, xrefs: 004B5BFC
gd, xrefs: 004B5E60
n l, xrefs: 004B596A
+$e, xrefs: 004B4365, 004B437A
DD, xrefs: 004B5CEE
+$e, xrefs: 004B43FA, 004B442B
REK, xrefs: 004B4542
uw, xrefs: 004B5B57
=?, xrefs: 004B5BF1
r:i8, xrefs: 004B5899
|r, xrefs: 004B53A8
tj, xrefs: 004B53BE

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$REK$Xs$bFK$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-4140963282
Opcode ID: 348d9d0a81ba07841939dcaf01fd4e454a7a5e745467ff0ebdbb7392378cbf09
Instruction ID: dbd12f07b8c49cc46fec2bbe034872cdd75c0f91fbf64c382c9c9fa022857749
Opcode Fuzzy Hash: 348d9d0a81ba07841939dcaf01fd4e454a7a5e745467ff0ebdbb7392378cbf09
Instruction Fuzzy Hash: 1AC20CB560D3848AD334CF14C452BDFBBF2EB82304F00892DD5E96B255D7B5864A8B9B

Function 004B4560 Relevance: 39.6, APIs: 1, Strings: 21, Instructions: 1081COMMON

Download Yara Rule

Strings

<j:h, xrefs: 004B5975
=:, xrefs: 004B57CE
Xs, xrefs: 004B5CD8
ut, xrefs: 004B5CE3
y{, xrefs: 004B5B36
%r?p, xrefs: 004B595F
b`, xrefs: 004B55F9
e>n<, xrefs: 004B588E
N~4|, xrefs: 004B593E
bFK, xrefs: 004B464E
13, xrefs: 004B5BFC
gd, xrefs: 004B5E60
n l, xrefs: 004B596A
DD, xrefs: 004B5CEE
+$e, xrefs: 004B442B
REK, xrefs: 004B4542
uw, xrefs: 004B5B57
=?, xrefs: 004B5BF1
r:i8, xrefs: 004B5899
|r, xrefs: 004B53A8
tj, xrefs: 004B53BE

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$REK$Xs$bFK$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-1805893481
Opcode ID: 4348b7e42b48538cab94f1cc02036963a89fc97e6255e428763751dae9bb9aba
Instruction ID: c38a9208b45b553ae41b7d081137be32b84ed0c3c46b08f94700aebee6fba05f
Opcode Fuzzy Hash: 4348b7e42b48538cab94f1cc02036963a89fc97e6255e428763751dae9bb9aba
Instruction Fuzzy Hash: 6EC21CB160D3848AE334CF54C852BDFBBF2EB82304F00892DD5E96B255D7B546498B9B

Function 004B46D0 Relevance: 39.5, APIs: 1, Strings: 21, Instructions: 1047COMMON

Download Yara Rule

Strings

<j:h, xrefs: 004B5975
=:, xrefs: 004B57CE
Xs, xrefs: 004B5CD8
ut, xrefs: 004B5CE3
y{, xrefs: 004B5B36
%r?p, xrefs: 004B595F
b`, xrefs: 004B55F9
e>n<, xrefs: 004B588E
N~4|, xrefs: 004B593E
bFK, xrefs: 004B464E
13, xrefs: 004B5BFC
gd, xrefs: 004B5E60
n l, xrefs: 004B596A
DD, xrefs: 004B5CEE
+$e, xrefs: 004B442B
REK, xrefs: 004B4542
uw, xrefs: 004B5B57
=?, xrefs: 004B5BF1
r:i8, xrefs: 004B5899
|r, xrefs: 004B53A8
tj, xrefs: 004B53BE

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$REK$Xs$bFK$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-1805893481
Opcode ID: fcada28e1c65a6bb06dd38e833240e6341a98852913cbffcbdd2bbf300041a00
Instruction ID: f3f260a3824b4d1cbdc78766f9abdc8145e272c7793dc1de17fc80f5f637f8a7
Opcode Fuzzy Hash: fcada28e1c65a6bb06dd38e833240e6341a98852913cbffcbdd2bbf300041a00
Instruction Fuzzy Hash: 3CC20BB560D3848AD334CF14C452BDFBAF2FB82304F00892DC5E96B255D7B5464A8B9B

Function 004A57C0 Relevance: 20.5, Strings: 15, Instructions: 1713COMMON

Download Yara Rule

Strings

w}MI, xrefs: 004A6128
S\], xrefs: 004A59EE
3F&D, xrefs: 004A6273
{zdy, xrefs: 004A611D
~mfQ, xrefs: 004A613E
uqrs, xrefs: 004A6AF0
pt}w, xrefs: 004A61F2
qRb`, xrefs: 004A6133
*,-", xrefs: 004A66EF
WQ, xrefs: 004A59E3
L4, xrefs: 004A6780
L4, xrefs: 004A6BA0
t~v:, xrefs: 004A61E7
_^]\, xrefs: 004A5B14
ntxE, xrefs: 004A6112

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
API String ID: 0-510280711
Opcode ID: 87a297e7aa698963e777aa45d6b98b0781b843dfbbc7d15c9f8de46383aed4b6
Instruction ID: 57f473641dac6a8fa744aa26299ccd3f508ecdf008a2cad38fcee072c3d4a156
Opcode Fuzzy Hash: 87a297e7aa698963e777aa45d6b98b0781b843dfbbc7d15c9f8de46383aed4b6
Instruction Fuzzy Hash: AEC238B26083408FD7248F24D8917AB77E5FFA6314F19493EE4D98B395D7389801CB5A

Function 004C9280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 004C98DF
SysFreeString.OLEAUT32(?), ref: 004C98E5

Strings

O^, xrefs: 004C97A6
gd, xrefs: 004C968E
SB, xrefs: 004C979E
b{tu, xrefs: 004C92D9, 004C939B
t"j, xrefs: 004C966E
Jtuj, xrefs: 004C92E5
:;$%, xrefs: 004C99C0
=hn, xrefs: 004C9676

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: FreeString
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 3341692771-1335595022
Opcode ID: f84c0cb8536da41b7461391abbcd527d7b097a7a220cc408ad04dc0a50f6f9ee
Instruction ID: 2f7b330a31163266fe090007b6fa241ba66d5edb793104db95eec3cda0897cd3
Opcode Fuzzy Hash: f84c0cb8536da41b7461391abbcd527d7b097a7a220cc408ad04dc0a50f6f9ee
Instruction Fuzzy Hash: 4E222276A18301ABD310CF28C884B5BBBE2EFC5314F18892DE5D49B3A1D779D845CB96

Function 004A60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

w}MI, xrefs: 004A6128
3F&D, xrefs: 004A6273
{zdy, xrefs: 004A611D
~mfQ, xrefs: 004A613E
uqrs, xrefs: 004A6AF0
pt}w, xrefs: 004A61F2
qRb`, xrefs: 004A6133
*,-", xrefs: 004A66EF
L4, xrefs: 004A6780
L4, xrefs: 004A6BA0
t~v:, xrefs: 004A61E7
JyTK, xrefs: 004A6160
ntxE, xrefs: 004A6112

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 0de30a304472ace58e216e9e4136fb22ae9920fe147b4da3cc7617d67d7c4b11
Instruction ID: 8cbff12d773805bad6c7a85d3a1d35fb4e9999bd2c9e21edd4f8b1c63a895f51
Opcode Fuzzy Hash: 0de30a304472ace58e216e9e4136fb22ae9920fe147b4da3cc7617d67d7c4b11
Instruction Fuzzy Hash: C44217B26082518FCB248F24D8917ABB7E2FFE6314F1A893ED4D987355D7389805CB46

Function 0049F60D Relevance: 16.6, APIs: 1, Strings: 8, Instructions: 845COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(?), ref: 0049FDFC

Strings

x, xrefs: 0049FBD4
=, xrefs: 0049F978
\, xrefs: 0049FB0F
g, xrefs: 0049F9EA
m, xrefs: 0049F8F4
#, xrefs: 0049F721
6, xrefs: 0049F620
w, xrefs: 0049FAAD

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #$6$=$\$g$m$w$x
API String ID: 237503144-139252074
Opcode ID: e26e93ee289116173d4c53c314cce89c5703bcc115ede7e04ed5ddcf2dc4f883
Instruction ID: 52f406980ffe7ae8b459b25ea355aae1703c0c6c0d9e1965f11100fb368cc3da
Opcode Fuzzy Hash: e26e93ee289116173d4c53c314cce89c5703bcc115ede7e04ed5ddcf2dc4f883
Instruction Fuzzy Hash: A772B23261C7808BD724DA39C85539FBAD2ABD6324F198B3EE4E9C33D5D67889018747

Function 004B7740 Relevance: 16.6, Strings: 13, Instructions: 338COMMON

Download Yara Rule

Strings

O=q?, xrefs: 004B7F6D
}9F;, xrefs: 004B7F62
}5x7, xrefs: 004B7F57
r, xrefs: 004B831A
1Q>S, xrefs: 004B7FA4
DE, xrefs: 004B7FDB
$Y)[, xrefs: 004B7FBA
Z)o+, xrefs: 004B7F8E
s1z3, xrefs: 004B7F4C
S%g', xrefs: 004B7F83
!A/C, xrefs: 004B7FD0
f!V#, xrefs: 004B7F78
P-X/, xrefs: 004B7F99

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
API String ID: 0-3413813421
Opcode ID: 14e0159b861b2af05b4ead9be11802f75951543ec9f2a635e27ce34678699a58
Instruction ID: 1d09fcab54fd7b0a6ce416165029cc32555b867708b851ec6a1d030aa4bbbc37
Opcode Fuzzy Hash: 14e0159b861b2af05b4ead9be11802f75951543ec9f2a635e27ce34678699a58
Instruction Fuzzy Hash: 21C1DFB150C3408FE724DF29D851B6BBBF1EF81304F0449ADE5998B362E7388905CB9A

Function 004A1227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON

Download Yara Rule

Strings

+, xrefs: 004A17CB
>, xrefs: 004A16FF
), xrefs: 004A1A4D
@, xrefs: 004A17D0
`, xrefs: 004A13A4
F, xrefs: 004A184E
L, xrefs: 004A1846
[, xrefs: 004A1555

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: )$+$>$@$F$L$[$`
API String ID: 0-4163809010
Opcode ID: e015b4f0ef15b9689eb04c8f3b70f64fc4b365251f27c4227c786284e4ec07c8
Instruction ID: 179b282f832cd5fc3bd99cbf86f7194558df61d7b8ff118ac4e112f298bc861b
Opcode Fuzzy Hash: e015b4f0ef15b9689eb04c8f3b70f64fc4b365251f27c4227c786284e4ec07c8
Instruction Fuzzy Hash: E652907260C7808BD724DB38C5943AFBBE1ABE6324F194A2ED4D9C73D1D67889418B47

Function 006732E8 Relevance: 11.6, Strings: 8, Instructions: 1627COMMON

Download Yara Rule

Strings

~~+, xrefs: 0067371C
;s6, xrefs: 00673516
>T, xrefs: 00673B13
r;r, xrefs: 00673F1D
*X|, xrefs: 00673A7C
B=v, xrefs: 006742C8
2~/, xrefs: 00673BE4
\:o, xrefs: 00673F4F

Memory Dump Source

Source File: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: *X|$;s6$>T$B=v$r;r$~~+$2~/$\:o
API String ID: 0-4143653021
Opcode ID: 854e179ef1998762bdcd0fb67e096443702108fb0e15d11f0640970d4ea5bb7f
Instruction ID: 7407ca87ded18ee6f4965df22e6001b8a2085cb77aff4dcbe659e4bf459ad007
Opcode Fuzzy Hash: 854e179ef1998762bdcd0fb67e096443702108fb0e15d11f0640970d4ea5bb7f
Instruction Fuzzy Hash: 1CB2B5F3608204AFE3046E6DEC8567ABBE9EF94720F1A493DE6C4C7744EA3558018697

Function 0066250F Relevance: 11.6, Strings: 8, Instructions: 1602COMMON

Download Yara Rule

Strings

4|0k, xrefs: 00663116
W9g, xrefs: 006627F3
A1}+, xrefs: 00662D95
8SE, xrefs: 00663754
~Uw, xrefs: 006634FB
qM, xrefs: 00663689
7x], xrefs: 006630E6
<SE, xrefs: 0066374F

Memory Dump Source

Source File: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: 4|0k$7x]$8SE$<SE$A1}+$W9g$~Uw$qM
API String ID: 0-548012269
Opcode ID: 5ed5a56adfdab91827ac52e4a57e3e3e84daf3492fa37d55b6e4ac5e168a9479
Instruction ID: 69d9b8c7301e7540540c1ca7555d08b1fd5fdb63627ab9e4f7df4c2f05813d0c
Opcode Fuzzy Hash: 5ed5a56adfdab91827ac52e4a57e3e3e84daf3492fa37d55b6e4ac5e168a9479
Instruction Fuzzy Hash: 6DB206F3A082049FE3046E2DEC8577ABBE5EF94320F1A493DEAC5C3744EA7558058697

Function 004A747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004A75C5

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: a6605c9f768321876ca1388ab1d74ec91996d07b58fd47433c331b72a8fc58c1
Instruction ID: d3141665a6f29b50924f271063e8ca825dae17548a748942109ab7b8eb5cb883
Opcode Fuzzy Hash: a6605c9f768321876ca1388ab1d74ec91996d07b58fd47433c331b72a8fc58c1
Instruction Fuzzy Hash: EC8237715083518BC724CF28C8917ABB7E1FFDA314F198A6EE8D5973A5E7388805C74A

Function 00499310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

PTvu, xrefs: 004996F3
;"I, xrefs: 0049944E
cbrn, xrefs: 004993EE
,6.2, xrefs: 00499446
A, xrefs: 00499698
WAg., xrefs: 0049943E
FM, xrefs: 00499370

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: 51bef2352c04ec7266837329b83032c7614d9a5967c622186febcea606b7ecf0
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: 5DC1457260C3D58BD322CF6994A036BBFD19FD6210F0D4AADE4D51B382D3698D0AC796

Function 004B81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004B84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004B85B4

Strings

LF7Y, xrefs: 004B8951
_^]\, xrefs: 004B8A15

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: c2e40f992e15a05492eaf7c82a3d6f2e5dffa706ed797bb93eaa574607141191
Instruction ID: 51adf174db8079c4c417f7b33d281217307650e93b3e569738a6b4b182c65a4d
Opcode Fuzzy Hash: c2e40f992e15a05492eaf7c82a3d6f2e5dffa706ed797bb93eaa574607141191
Instruction Fuzzy Hash: 6F222071908341CFD3248F28D88076FBBE1AF89314F194A7EE9955B3A1E738D901CB5A

Function 004B83D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004B84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004B85B4

Strings

LF7Y, xrefs: 004B8951
_^]\, xrefs: 004B8A15

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 81621190e654df7bf7ae5b0693101ebea3f8ebf77dc5dab2c31dfde416d4605b
Instruction ID: f552d4691658c4c92b13492b9ae97d77ba26160249a5b5bd0026cef2d9953366
Opcode Fuzzy Hash: 81621190e654df7bf7ae5b0693101ebea3f8ebf77dc5dab2c31dfde416d4605b
Instruction Fuzzy Hash: EB121071909341CFD7208F28D88076FBBE1BF89314F194A6EE9995B3A1D738D901CB5A

Function 00678408 Relevance: 6.6, Strings: 4, Instructions: 1611COMMON

Download Yara Rule

Strings

I_<, xrefs: 00678823
EH_, xrefs: 00678A73
!oo, xrefs: 00678DAA
g[, xrefs: 006793B9

Memory Dump Source

Source File: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: g[$ I_<$!oo$EH_
API String ID: 0-3386810706
Opcode ID: 975b363da5bbadade2832c0b607fd47edc3598c404c99adbc6c9e829c1afe935
Instruction ID: f7143a3ea72e2d44ca6c30f81e2fb1d3759f9bde0e8c6d54c64b8a67eca087a8
Opcode Fuzzy Hash: 975b363da5bbadade2832c0b607fd47edc3598c404c99adbc6c9e829c1afe935
Instruction Fuzzy Hash: CCB208F3A0C2009FE3046E2DEC8567ABBE5EF94320F16893DEAC587744EA7558058797

Function 004B24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

"_,Y, xrefs: 004B2530
pCj], xrefs: 004B2528
.[TU, xrefs: 004B2538
;GsA, xrefs: 004B2520
=K0E, xrefs: 004B2544

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: 2295b36ff38e048d67936527eff2e5eb5afcbc761bf1a5f2f53ba0328f4112f7
Instruction ID: d134361d55f8aab1ec18aad0e6244ed8e6e94aa0a0541ce310035827f66a5c14
Opcode Fuzzy Hash: 2295b36ff38e048d67936527eff2e5eb5afcbc761bf1a5f2f53ba0328f4112f7
Instruction Fuzzy Hash: 3B9126B16083009BC720DF25C891BA7B7F5EF95318F14852DF8898B391E7B8D906C76A

Function 004A8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

^`/4, xrefs: 004A81E1
7, xrefs: 004A8419
2h?n, xrefs: 004A83A0
gfff, xrefs: 004A8458
SP, xrefs: 004A8396

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 680ecaa3a49f96df13b6a5efc18098f287d96a700bee54b369475deb60b531cc
Instruction ID: b23c4250dbd32a700222c225e435d70985a2988c40e56f5e49445669bfb9f7fc
Opcode Fuzzy Hash: 680ecaa3a49f96df13b6a5efc18098f287d96a700bee54b369475deb60b531cc
Instruction Fuzzy Hash: 57A147B2A153518BD714CF28C85176FB7E2FBD5318F198A3ED885D7391EB3888068786

Function 0066938E Relevance: 6.4, Strings: 4, Instructions: 1378COMMON

Download Yara Rule

Strings

J*L, xrefs: 0066A3E9
T;\, xrefs: 00669915
#Aad, xrefs: 00669DBC
!q{, xrefs: 0066A3BD

Memory Dump Source

Source File: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: !q{$#Aad$J*L$T;\
API String ID: 0-1083685625
Opcode ID: f64de1b0d0566369f39ff04593e17334d93021403f77b8474348ffb73b3ee26f
Instruction ID: 4f7759d51c194dac0f66e665db6f156b08b2ba479f3affc6010b5bb4deebf530
Opcode Fuzzy Hash: f64de1b0d0566369f39ff04593e17334d93021403f77b8474348ffb73b3ee26f
Instruction Fuzzy Hash: 499228F3A0C6049FE304AE2DEC4567ABBE9EFD4720F16893DE6C4C3744EA3558058696

Function 004B1340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

9deZ, xrefs: 004B1818
eb, xrefs: 004B16F6
sp, xrefs: 004B1528
{s, xrefs: 004B1520

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: df5deace5c865c09fe8d784e18131e2d8de6948270c367a850e32647c49e4583
Instruction ID: ac0fc512e0ff886e316251fcd1335238aa426f6ba59c0dd1d8ca4bc5eac63bc7
Opcode Fuzzy Hash: df5deace5c865c09fe8d784e18131e2d8de6948270c367a850e32647c49e4583
Instruction Fuzzy Hash: 70D117B16183048BC724DF24C8A16ABB7F2FFD5354F48DA1DE4968B3A0E7789904C756

Function 004B91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 004B91DA

Strings

wpq, xrefs: 004B92B7
+Ku, xrefs: 004B92AF

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 58db8ac5b6f67cf32a6859bd25f7f48db5af9486813e7083e95437e4495ed5ad
Instruction ID: 48ed6644221138dcfa53a071015b9d3d89c3863976095d6064f216d87008d9dc
Opcode Fuzzy Hash: 58db8ac5b6f67cf32a6859bd25f7f48db5af9486813e7083e95437e4495ed5ad
Instruction Fuzzy Hash: 0A51BD7221C3118FC324CF29984076FB7E6EBC5310F55892EE5DACB285DB34D50A8BA6

Function 0066E218 Relevance: 5.4, Strings: 3, Instructions: 1643COMMON

Download Yara Rule

Strings

yYV{, xrefs: 0066F2B4, 0066F319, 0066F364, 0066F394
'}G|, xrefs: 0066E45F
yYV{, xrefs: 0066EF31

Memory Dump Source

Source File: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: '}G|$yYV{$yYV{
API String ID: 0-790304675
Opcode ID: b4059a1b3d1884c5611f476ee916abe72f10ccc0d1ca399c51c82417384b21f5
Instruction ID: 695cfda4e12f453026d91b49429eed51bb2248ac564b83d0d8de875ea83599a5
Opcode Fuzzy Hash: b4059a1b3d1884c5611f476ee916abe72f10ccc0d1ca399c51c82417384b21f5
Instruction Fuzzy Hash: 80B226F360C6049FE3046E2DEC8567AFBEAEBD4320F1A493DE6C4C7744EA3558058696

Function 0066764B Relevance: 5.3, Strings: 3, Instructions: 1573COMMON

Download Yara Rule

Strings

$[w~, xrefs: 0066823B
j{, xrefs: 00668919
bP~k, xrefs: 00668248

Memory Dump Source

Source File: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: $[w~$bP~k$j{
API String ID: 0-3122708944
Opcode ID: 0a2a6e860b2169db231e57f790303d5ffa3a7ea9fbcc81d5d0d40359093c69c6
Instruction ID: 32856eea90e6cd29be32f5c8c1bb82fd2ca961867159763f313db05f32385540
Opcode Fuzzy Hash: 0a2a6e860b2169db231e57f790303d5ffa3a7ea9fbcc81d5d0d40359093c69c6
Instruction Fuzzy Hash: 83B2F3F360C6009FE304AE2DEC8567AFBE9EF94720F1A893DE6C587744E63558058693

Function 004B90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 004B9170

Strings

M/(, xrefs: 004B919E
M/(, xrefs: 004B913D

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: dc94906a8f59c5e281b86a9dd3169bc8cd8b4fc0d89f299cb5689f06dce5c1dc
Instruction ID: 1c26c52fceb779b8af57688a818fd3dd68a9442c60e930ac607aa83d14aee604
Opcode Fuzzy Hash: dc94906a8f59c5e281b86a9dd3169bc8cd8b4fc0d89f299cb5689f06dce5c1dc
Instruction Fuzzy Hash: EE21237165C3615FE714CE38988279FB7AAEBC2700F01892DE0D1DB2C5D679880BC756

Function 004BA5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

i, xrefs: 004BA5CD
VN, xrefs: 004BA520
VN, xrefs: 004BA5C6
i, xrefs: 004BA527

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: 5bc276b7e9c5871c2e6200d0efca9e67acc3bd8b31ff77dfbb7b495982424652
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: 4C21F6211083809AD3158E6580402E7BBE3ABC6318F284A5FD0F15B391EA3BCA1A477B

Function 004BA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 004BA236
_^]\, xrefs: 004BA49C, 004BA188
.txt, xrefs: 004BA371

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: b40a188e15e81a397cbe715c0d4119045164a7a5046501f4861aaa3a64aaab79
Instruction ID: 07e52ddddc86d2c36e330923f78c8ff1c1908474d1fd4a0edb3c3fffef1cf2fe
Opcode Fuzzy Hash: b40a188e15e81a397cbe715c0d4119045164a7a5046501f4861aaa3a64aaab79
Instruction Fuzzy Hash: 4DC1317150C340DFD7089F28D88166BBBE2AF85314F088A7EF495473A6E3399955CB2B

Function 0049D4F3 Relevance: 4.0, Strings: 3, Instructions: 295COMMON

Download Yara Rule

Strings

Fm, xrefs: 0049D6DD
lev-tolstoi.com, xrefs: 0049D819
V], xrefs: 0049D6E4

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: Fm$V]$lev-tolstoi.com
API String ID: 0-1622397547
Opcode ID: e1519be346be2645cae283ab35761bbd1d3c541c493ecdf06d45f78f445d488b
Instruction ID: bed6332f43ff6735b9e068dc6e9b74b21f266deb0f7a419338c8101f7eec7112
Opcode Fuzzy Hash: e1519be346be2645cae283ab35761bbd1d3c541c493ecdf06d45f78f445d488b
Instruction Fuzzy Hash: B49104B56557408FD325CF29C480652BFA2EFD631872D86ADC0954F726C73AE807CB54

Function 004AD003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 004AD4DD
bh, xrefs: 004AD4D6

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 58b7365f211af46793d625884355d1dafb05c0f2576735906d7cca3d804aea1c
Instruction ID: 23bd3e26f23b843edec16f2ed51d8293567ce247f2a88f2d9bdd7db85fafcb54
Opcode Fuzzy Hash: 58b7365f211af46793d625884355d1dafb05c0f2576735906d7cca3d804aea1c
Instruction Fuzzy Hash: 903249B1D01711CBCB24CF29C8916B7B7B1FFA6310F18825DD8969B794E738A842CB95

Function 0052F7FA Relevance: 3.0, Strings: 2, Instructions: 496COMMON

Download Yara Rule

Strings

H^#1, xrefs: 0052FEA7
Uy{, xrefs: 0052FCEF

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: H^#1$Uy{
API String ID: 0-776118137
Opcode ID: 4366c04a5aa64ce531e712ec18766dab777dae75024efc0cbac87a11534e06b9
Instruction ID: 7d2e45114162292005d20e5ba6bcaf3cf64f32406fbf5c6bb23d73a55c52aad2
Opcode Fuzzy Hash: 4366c04a5aa64ce531e712ec18766dab777dae75024efc0cbac87a11534e06b9
Instruction Fuzzy Hash: D4F1D1F3E156204BF3585A28DC44376B692EB94321F2B423D9F8CA77C1E97E9C058789

Function 004F9401 Relevance: 3.0, Strings: 2, Instructions: 455COMMON

Download Yara Rule

Strings

{x,A, xrefs: 004F98DC
o6[{, xrefs: 004F97EA

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: o6[{${x,A
API String ID: 0-2352074103
Opcode ID: 134f379d5508a2a7a2161b91ac9ad4d94a8a63852ef0f15d11b0c24856c1bcc5
Instruction ID: 30b67cf4c0d6939edede0c3e0ec29f22595804bd36d583d3900a0956b4133349
Opcode Fuzzy Hash: 134f379d5508a2a7a2161b91ac9ad4d94a8a63852ef0f15d11b0c24856c1bcc5
Instruction Fuzzy Hash: BFE1CDB3F106244BF3484979DD983767692EB94310F2B823D9F89AB7C5E97E5C0A4284

Function 00499780 Relevance: 2.9, Strings: 2, Instructions: 420COMMON

Download Yara Rule

Strings

1, xrefs: 00499A7B
A, xrefs: 00499922

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: 1$A
API String ID: 0-719046165
Opcode ID: 5e4c75f92c393aa673f638bf7ab39ea43b3b4b5e5be403ed63ca483a8c158dd4
Instruction ID: 4d6b6f7b70cab123ea7164da106860d87b830cad4d83cdd93b08728c28aaaf25
Opcode Fuzzy Hash: 5e4c75f92c393aa673f638bf7ab39ea43b3b4b5e5be403ed63ca483a8c158dd4
Instruction Fuzzy Hash: 9CD1C4B55083508BD718DF28C8517ABBBE1FBD5318F08896DE4D9CB342DB389906CB96

Function 004A961B Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

wt, xrefs: 004A98CB
&, xrefs: 004A97D7

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: &$wt
API String ID: 0-2890898390
Opcode ID: 78050b0a9b04c17320baa623cdd93c17fc15866fdc7d891d610c9c31acb5c5cf
Instruction ID: b11fc3e47b883e6a726925de5c22f8bcfc6518655a24b68a2760908aeafab730
Opcode Fuzzy Hash: 78050b0a9b04c17320baa623cdd93c17fc15866fdc7d891d610c9c31acb5c5cf
Instruction Fuzzy Hash: 2F8149715083408BD725CF29C4516BB7BE1EFEA324F195A1DE4DA8B391E7388C05C79A

Function 00494270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00494661
), xrefs: 004942EB

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 2e5398ae6631420340b37c44cb900c8e31a0e3f25f8bfad258b0c6bbf75ba5b7
Instruction ID: 3f0d2036852e8e6cffec2dea8ca5cb3c27a5744315ff7eca8fe4e6e13c4e8513
Opcode Fuzzy Hash: 2e5398ae6631420340b37c44cb900c8e31a0e3f25f8bfad258b0c6bbf75ba5b7
Instruction Fuzzy Hash: 27D1D1B16083449FDB20CF24D845B5FBFE0AB95308F14492EF9999B381D379E909CB96

Function 004B9739 Relevance: 2.8, Strings: 2, Instructions: 308COMMON

Download Yara Rule

Strings

(. 7, xrefs: 004B977E
,7, xrefs: 004B9786

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: (. 7$,7
API String ID: 0-1315767106
Opcode ID: 147467937ecf0936c72cc23e8fda3f3b91e0d65675e0993a524f4b49c5b2a7c0
Instruction ID: ac8afbfc6c41b5c442cf07d887d15bc8a6ccb4ef8cadd79b4e9679c5c3b74240
Opcode Fuzzy Hash: 147467937ecf0936c72cc23e8fda3f3b91e0d65675e0993a524f4b49c5b2a7c0
Instruction Fuzzy Hash: 13A1D0B150C3419FCB14DF25C89166BBBE2AF96304F14892EF5968B352E738E841CB5A

Function 0049C840 Relevance: 2.8, Strings: 2, Instructions: 254COMMON

Download Yara Rule

Strings

NO, xrefs: 0049C9EC
~T, xrefs: 0049CAFC

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: NO$~T
API String ID: 0-32858502
Opcode ID: c2dedf1ccb6b5b367aa91afb28ccaf6f99a430c6a7f8ce3cf6b87f6e858451a1
Instruction ID: 8da747a2c7b35e15eb1498abc21ffb9ea8cfbe03c751c21f3cc959783b5033e8
Opcode Fuzzy Hash: c2dedf1ccb6b5b367aa91afb28ccaf6f99a430c6a7f8ce3cf6b87f6e858451a1
Instruction Fuzzy Hash: E961FE7521C3018AD718CF65C89266BB7F2EFD5314F08C92DE0D58B784E6788A05CB5A

Function 005006C1 Relevance: 1.7, Strings: 1, Instructions: 404COMMON

Download Yara Rule

Strings

v, xrefs: 0050090C

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: 6d5df488d6a64d2b5eea21fc2b19d45e3a9583a00f073dec383c4627bbe27815
Instruction ID: 18ae37d7eac1807c0961c23a108d22d0db2119e6cb32642f9309a6df76b47663
Opcode Fuzzy Hash: 6d5df488d6a64d2b5eea21fc2b19d45e3a9583a00f073dec383c4627bbe27815
Instruction Fuzzy Hash: 1BD18DF7F215254BF3544868CC583A2664397E5325F2F81788F4C6B7CAD8BE9C0A5384

Function 004BD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 004BD2A4

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: aada9e503a660270ff167ed50eabc0f6bbf24d0fba7f00605532d554ecdb2582
Instruction ID: 14e6ad28d48a724374d7b5a21f78234603fee6aca93c48fc8d6587f6044a9a7d
Opcode Fuzzy Hash: aada9e503a660270ff167ed50eabc0f6bbf24d0fba7f00605532d554ecdb2582
Instruction Fuzzy Hash: 1141D2705043819BE3198B34C9A0B63BFA1EF57318F2886DDE5964B393D729D806C765

Function 004BD34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 004BD353

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 3d71637e6455d0f05fefed641e49439025b5c3bea76665731c82e021265a8067
Instruction ID: b0a4f4c3c23294b9a135754802ded35819b6672bb7244bf109ef81362bbe45c1
Opcode Fuzzy Hash: 3d71637e6455d0f05fefed641e49439025b5c3bea76665731c82e021265a8067
Instruction Fuzzy Hash: 7EC1E575A047418FD725CF2AC490762FBE2BF96310F2885AEC4DA8B752D739E806CB54

Function 004BB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 004BB458

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: 39a0038af4a15855b098f21ec2a40f7c0cdb8d4b88b2646c91b64cae4a6297a9
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: 24C129B2A043046FD7258E25C4917ABB7D5EF84314F18892FE89587382E7BCDC4587E6

Function 004F8513 Relevance: 1.6, Strings: 1, Instructions: 383COMMON

Download Yara Rule

Strings

GPV~, xrefs: 004F896C

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: GPV~
API String ID: 0-275199937
Opcode ID: 0caa8abdc8bdb50a57b41f9403de110e8afb5db9fbc27b72df20c13df6014e69
Instruction ID: dfadfccdbd65f56474ef1bd60e723757267d20435477fd6983204757390e74e7
Opcode Fuzzy Hash: 0caa8abdc8bdb50a57b41f9403de110e8afb5db9fbc27b72df20c13df6014e69
Instruction Fuzzy Hash: 20C100B3E042148BF3089E29DC98776B7D2EBD4310F2B853DDAC997784E93A68058785

Function 00505334 Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

R, xrefs: 005054BB

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: R
API String ID: 0-1466425173
Opcode ID: afa5a3ae06c0637bd7400ec09734ef3c074fe2360276e750241111ccf46c99de
Instruction ID: 70fb967620b48d219488c012fb7a9d3bb2ece4319e16f87496293bd849a1a7df
Opcode Fuzzy Hash: afa5a3ae06c0637bd7400ec09734ef3c074fe2360276e750241111ccf46c99de
Instruction Fuzzy Hash: E1C1AAB3F1152547F3544939CCA83B26683DB95311F2F82788A4D6BBC9EC7E9C4A5384

Function 005371BB Relevance: 1.5, Strings: 1, Instructions: 295COMMON

Download Yara Rule

Strings

7|!O, xrefs: 005371C9

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: 7|!O
API String ID: 0-2075117522
Opcode ID: fc4569e9a13dae51a12ea1be0bff2e7a85e5dd2e5d1245b3d2128f57646fb0a0
Instruction ID: 3c6fee9b6f97ef16f004a2ab3a4dcf9c5c3a1c0d008b0d99037142f56a8344d7
Opcode Fuzzy Hash: fc4569e9a13dae51a12ea1be0bff2e7a85e5dd2e5d1245b3d2128f57646fb0a0
Instruction Fuzzy Hash: 7BA1BBB3E5163547F3544878CD993A266829795320F2F82398F1CABBC9DDBE5D0A12C8

Function 005353B2 Relevance: 1.5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

Strings

b, xrefs: 005354EB

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: e18b9fc00589b357cc2b041c784f22f5393a4a730e5d443deaba883058853616
Instruction ID: df5066f1250d1a98fb68dc08cff55ad0ecb585f54f9b655bef3434d83dfe865b
Opcode Fuzzy Hash: e18b9fc00589b357cc2b041c784f22f5393a4a730e5d443deaba883058853616
Instruction Fuzzy Hash: 75A1ABB3F116254BF3444D29CD583A27683EBD4315F2F81398B49ABBC9D97EAC0A5384

Function 004FD157 Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

a,~", xrefs: 004FD257

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: a,~"
API String ID: 0-4149601634
Opcode ID: 7c77e4d474b51d7d6c5a6ed0f9d85088659f0e289697fb33172cb06ea699aa20
Instruction ID: 81ad7f65b1239529c1abf56fbd06766db5e20a5c14b0730425f4901b0ddd96e4
Opcode Fuzzy Hash: 7c77e4d474b51d7d6c5a6ed0f9d85088659f0e289697fb33172cb06ea699aa20
Instruction Fuzzy Hash: FB9147F3F1152547F3544839CD983A265839BD0325F2F82788F9CABBC9D87E9D0A5284

Function 004B7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004B7465

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 36b02e89bdff72a552f55bbc55bc82df3e261f23bae8823dfd0d5fc6e546159f
Instruction ID: becdc2f7a571ea196139d4a5f3de7c4515e6fb585973642cecfcad82c8c0f2cf
Opcode Fuzzy Hash: 36b02e89bdff72a552f55bbc55bc82df3e261f23bae8823dfd0d5fc6e546159f
Instruction Fuzzy Hash: D2710975A083005BDB249A29DC92BBB77A1DFC1318F18843EE58697392E27CDC05976A

Function 004BC53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

x|*H, xrefs: 004BCE93

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: cba7065fe7b829c8f700531c82984290f74bd32d3021cb1d93b2dc30fb50a203
Instruction ID: ca87111ddedbf956e9de0dfc6d94459712e1a80245158e067a18e04d87b078b8
Opcode Fuzzy Hash: cba7065fe7b829c8f700531c82984290f74bd32d3021cb1d93b2dc30fb50a203
Instruction Fuzzy Hash: 7F7101746047818BD7298F39C4E07B3BBE2AF56305F28C4AED5D78B792D639D8068724

Function 0049D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0049D455

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 9ecb53d7ca947c05b37d9c6c14e52299fbcb7cb5795b0b8833e3c7b08c13b058
Instruction ID: 9990f02c75ed90a70dbe827ddb37e9039f74495d6641d1db2d0de5b4b673e089
Opcode Fuzzy Hash: 9ecb53d7ca947c05b37d9c6c14e52299fbcb7cb5795b0b8833e3c7b08c13b058
Instruction Fuzzy Hash: 32510474B012009FCB348B28D9D0A37BBE2EB55715B58883ED9D787662C235F8128B59

Function 004BC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 004BC173

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 512102ea162fef3a5e456ec5bf6ca4c01d9eafe96b62a165154a765f4ba8d869
Instruction ID: 6b1645745fdfa5e3ecc71f097fb1d20426f52bde5b50c3834d67943ead7875e6
Opcode Fuzzy Hash: 512102ea162fef3a5e456ec5bf6ca4c01d9eafe96b62a165154a765f4ba8d869
Instruction Fuzzy Hash: FE51F721604B804BD729CB3A88913B7BBD3ABD7310B58969EC4D7D7786CA3CE4068B14

Function 004BC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 004BC173

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: c90813009eac003d6359a064c3135f03d0b72549b7527d97220d9bea977ea6a9
Instruction ID: f3d8cf9b5dec6ffd2ae6612febbea2ed35678ad5546720eeea3dbe0985db929b
Opcode Fuzzy Hash: c90813009eac003d6359a064c3135f03d0b72549b7527d97220d9bea977ea6a9
Instruction Fuzzy Hash: A0510925615B804AD729CB3A88903B37BD3AF97310F5C969EC4D7D7B86CA3C94028B25

Function 0053247D Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

&.4], xrefs: 005326B2

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: &.4]
API String ID: 0-943626922
Opcode ID: 7a6d87e180f6972c3f5a92284f29c1f2fb792bf0d331e448ddbc1c521f819648
Instruction ID: 49211d94857fae9062ec2b8d56f782bb3c3d5b5757ff6f4793685119a9763416
Opcode Fuzzy Hash: 7a6d87e180f6972c3f5a92284f29c1f2fb792bf0d331e448ddbc1c521f819648
Instruction Fuzzy Hash: CD71BFB3F616248BF3444978CC983A23693DBA5721F2F82788F585B7C5D9BE5C095384

Function 004F30BF Relevance: 1.4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

Strings

<3~?, xrefs: 004F32DE

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: <3~?
API String ID: 0-3125721737
Opcode ID: 5bc361553afe7c821320705b465300b18615efddab5ea474f1ac4dca586308eb
Instruction ID: af57e6f505ae874aa34f551b24fbd9eda6d0ad216399b33833e922d7e1a8c93a
Opcode Fuzzy Hash: 5bc361553afe7c821320705b465300b18615efddab5ea474f1ac4dca586308eb
Instruction Fuzzy Hash: D3618FB3F116254BF3544E28CCA43A27283EB91321F2E423C8E589B7C4DEBEAC055384

Function 0049F3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 0049F3E0

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: bff904820a01a1d7e0607151fbc8f759ab3d3fe674b84ba4da63a19d13191c5f
Instruction ID: 24d8a465ef006931f3f64a333308e55f998285ddb5f8c28f274760e282020056
Opcode Fuzzy Hash: bff904820a01a1d7e0607151fbc8f759ab3d3fe674b84ba4da63a19d13191c5f
Instruction Fuzzy Hash: FF61F83260C7908BCB109A3988512DFBFD19B96324F294B3ED9E5D73D2E2388905D747

Function 004D1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 004D123B

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f4f5848a20798b9e48407c4b9a5acd8b73a25d8d01e4f68c04573dcf1a33a6e1
Instruction ID: 5bc5b48e9c47f465859d7bd98162fcf5555b18f5096559f5d780e3db28f06c2f
Opcode Fuzzy Hash: f4f5848a20798b9e48407c4b9a5acd8b73a25d8d01e4f68c04573dcf1a33a6e1
Instruction Fuzzy Hash: 824114B2604310ABD7148F54CC65B7BBBA1FFD5354F088A2EE9855B3A0E3399804C78A

Function 004BC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 004BD9F4

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 716578c02a3632069a1ba4d7a620f3436240fc8d8b6f234572499e8106db028c
Instruction ID: d2fb329059c51f978db3b2c5670aa2701ebb4119690a1dee98c421b39405db23
Opcode Fuzzy Hash: 716578c02a3632069a1ba4d7a620f3436240fc8d8b6f234572499e8106db028c
Instruction Fuzzy Hash: 6541E3715046928FD7228F39C8507B3BBE2BB97310B1896E9C0D29B796D738E845CB64

Function 004B8528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004B8545

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 8555f0b199da4dd2e58904667716aa12bfdabf7e23fddb16095a89b7f3ae2975
Instruction ID: 0082252c56160fe1b0f1f7916f756f130df7a5ec724db71381f7acddf5bd3eaa
Opcode Fuzzy Hash: 8555f0b199da4dd2e58904667716aa12bfdabf7e23fddb16095a89b7f3ae2975
Instruction Fuzzy Hash: B021BC746092009BD75C8B34CCA1A7B73A7EBC5318F28152FD193527A5DF39D812C65D

Function 004D0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 004D03AD

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: cb4240ae57fc3d73572ee40063d5522f604a68745ae2f281e4b4800827e221c7
Instruction ID: 800435012b0cd9346d39c3928928236f1ca552460549ed70cef6263f9a0c5e1b
Opcode Fuzzy Hash: cb4240ae57fc3d73572ee40063d5522f604a68745ae2f281e4b4800827e221c7
Instruction Fuzzy Hash: 8531F1716083048BC314DF58D8D5B6FB7E4EB85314F14892EE69883390D739D848CB5A

Function 004BE180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5246a873d6b566dfbda73bbdff23c0e213b334f26e407452263bbe9324b839
Instruction ID: 371415e7cc999020d9edf7a75ba16dc9c48c6a46d85f23196d1ccd633b4ae0fe
Opcode Fuzzy Hash: 6a5246a873d6b566dfbda73bbdff23c0e213b334f26e407452263bbe9324b839
Instruction Fuzzy Hash: 3862A4F1511B019FC3A1CF2AC891BA3BBE9AF89310F54851FE1A9D7311DB7465018F9A

Function 004965F0 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f39996827792f115b03af40c01df9f41100abb5d906bb77b95a7c4aab48e5c
Instruction ID: a81bece45388f69afa17b1f0934d51209eda5bd10ca223bebb1bcb388d1a8341
Opcode Fuzzy Hash: 77f39996827792f115b03af40c01df9f41100abb5d906bb77b95a7c4aab48e5c
Instruction Fuzzy Hash: BA52B2B0908B848FEF31CB24C4847A7BFE1AB91314F16893ED5E706786C37DA9859719

Function 004973D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: 272ee99e30a7ca9f0369b6de733dd1d7f24f413ac2c5958e327812e1e123b55d
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: 9022C231A1C3118BDB25DF18D8806ABB7E1FFC4319F19893ED98697385D738A811CB4A

Function 0052420E Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62a4c97576a890f10fc45fd48bf7fce9b1e261a61659a9cdc8a8b33960240acf
Instruction ID: 4f3f571ab211c0e0bbd24d97ca4cebeb252b32324af40c8acaff23ca66fc71a9
Opcode Fuzzy Hash: 62a4c97576a890f10fc45fd48bf7fce9b1e261a61659a9cdc8a8b33960240acf
Instruction Fuzzy Hash: DC02ADF3E046208BF3145979DC583A6B692AB94320F2F463D8E8CA77C5E97E5C0983C5

Function 004CA5D4 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d00d3bd1868c71fa88637fc0f3095c57c71a3f3f6f957a47c75c70a66b57977
Instruction ID: 688b1e156e0557ce95d504010529a3a3fd34c536dbab32297c0ca5259d8dc707
Opcode Fuzzy Hash: 4d00d3bd1868c71fa88637fc0f3095c57c71a3f3f6f957a47c75c70a66b57977
Instruction Fuzzy Hash: C2D13437629216DBCB149F38E862267B3E1FF49745F4A897EC481C72A0E339C960C759

Function 0051A85B Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e82652056f8ba3d9315c0b84714096285c248a0c85fb2cf71ae87bff481cbb4
Instruction ID: be6008157c5d0d8d535e952ce3ce80d9935c67ca6e292575f970e761aedd4c76
Opcode Fuzzy Hash: 4e82652056f8ba3d9315c0b84714096285c248a0c85fb2cf71ae87bff481cbb4
Instruction Fuzzy Hash: 89D158B3F112214BF3544D79CDA83A26682EB90325F2F82398F896B7C5DC7E5C0A5384

Function 0050B527 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd68b5c7ce1e707ec96363a3c441779d3072a1afd33d61e74130d73ccd1f2004
Instruction ID: 75522ac2750c7171619201b62f91239d3c60d9113fc29d1f315b07319536991b
Opcode Fuzzy Hash: cd68b5c7ce1e707ec96363a3c441779d3072a1afd33d61e74130d73ccd1f2004
Instruction Fuzzy Hash: 6BC198F3F115244BF3044969CC983A16683EBD5325F2F82788E5CAB7C5D97E9C0A5384

Function 005310B8 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d2b64366be0929ca701e317a3a6ab6c21de0e540a011b5c8ca2b52a93bb66e
Instruction ID: 182897e1eb8ea5ec55a13fbdaee4ba5a0e876b91bdd7184db72facf12c01c11a
Opcode Fuzzy Hash: b2d2b64366be0929ca701e317a3a6ab6c21de0e540a011b5c8ca2b52a93bb66e
Instruction Fuzzy Hash: 16C18BF3F515254BF3584878CC583A266839BA1324F2F42398F5CAB7C5ECBE9C0A5284

Function 0052F253 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7fc27d21d1165173399ee22d38ab03fb1a8dee33b123005ef65caea1b19c714
Instruction ID: 6ce66f44d93d27280070d14e17c1b4c94c0229dfbc896a2b0c13ece6075321da
Opcode Fuzzy Hash: c7fc27d21d1165173399ee22d38ab03fb1a8dee33b123005ef65caea1b19c714
Instruction Fuzzy Hash: CAC199B3F106254BF3444979CC983A26643EB95311F2F82788F5D6B7C9D9BE5C0A5384

Function 00504540 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2a9dab9453fe94d7c411f165d775b703dac949b27ae4f682e03c7685e8f25f7
Instruction ID: 581eb3ce6ef66a4a3feca4b2e3dfbea1933d85f2574eb0bea5a51b129b3c97f1
Opcode Fuzzy Hash: c2a9dab9453fe94d7c411f165d775b703dac949b27ae4f682e03c7685e8f25f7
Instruction Fuzzy Hash: 53C14AF3F116254BF3544969CD883626683DBD4325F2F82788F48AB7C9EDBE5C0A5284

Function 0049E687 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b159eafa08981cb8c77ba3c4431487edeb549503cd436b5bf366e68d1ac91fc
Instruction ID: ca0e643aec29ee0e8c602614276e069977982f56c0627c739c0f021384bc6cd7
Opcode Fuzzy Hash: 1b159eafa08981cb8c77ba3c4431487edeb549503cd436b5bf366e68d1ac91fc
Instruction Fuzzy Hash: C3814B756407418BD724CB79CC92BA7BBE2EF9A315F08C9BDC4864B353E63CA8028754

Function 005345E5 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d9aac06ec895eeb8737c09edeae9211e961d660cb16113695b7e72e9db9fd4
Instruction ID: 4834ce4b6aaae3c53de3c5cd23d2abe5e5ffe6e740f598b19fd456d5a14b46fd
Opcode Fuzzy Hash: a2d9aac06ec895eeb8737c09edeae9211e961d660cb16113695b7e72e9db9fd4
Instruction Fuzzy Hash: A0B17EB3F1162447F3544879DD983A266839BE5321F2F82788E9C6BBC5DC7E5C0A4384

Function 004AE220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ebe34b6637e4484b3a44c46193aa4fb330eef7b4426379399bfaebdbc89ff70
Instruction ID: 45ce203626cfa80385a5424ce5741099c0813f18d0cd9bbdde87df9211c94dfc
Opcode Fuzzy Hash: 8ebe34b6637e4484b3a44c46193aa4fb330eef7b4426379399bfaebdbc89ff70
Instruction Fuzzy Hash: A0B10775904301AFD7109F26DC41B1ABBE2BFD9318F144A3EF8E4933A1D73A99189B46

Function 005306F5 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923736462cda8d9ad5904fbb04708df0e10d84ba446a086eca2a62de3f107273
Instruction ID: c2e4d4b922c7e5d0e648490c455090b7a56d513dacd131f304b0fd80cb388fa0
Opcode Fuzzy Hash: 923736462cda8d9ad5904fbb04708df0e10d84ba446a086eca2a62de3f107273
Instruction Fuzzy Hash: 6DC19AF3F106244BF3544968CC983A26283DB95325F2F82788F5C6B7C6D9BE6D069384

Function 005061F5 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9649097a61d7961cd645f4cf0bde67f7a7982acad7067b794a06b0f293e448f5
Instruction ID: 25cd27211502730dddb633798cac4f3bb4aa690dc50df2677f82976def1f3ce9
Opcode Fuzzy Hash: 9649097a61d7961cd645f4cf0bde67f7a7982acad7067b794a06b0f293e448f5
Instruction Fuzzy Hash: A5B137F3F116254BF3544839CD583A2658397E5325F2F82788F9CAB7C9D87E9C0A5284

Function 0051738C Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d13ef89edb7d6db75448c4ac29d91b4ce4a68f4ad781a52d99d7891b0a54545
Instruction ID: 2b5b6519ebffc2f08ce414bcc904ff9be29476c230aeeca99e664a978fa61f3e
Opcode Fuzzy Hash: 9d13ef89edb7d6db75448c4ac29d91b4ce4a68f4ad781a52d99d7891b0a54545
Instruction Fuzzy Hash: 3CB176B3F105254BF7584839CD683B26683ABD5321F2F823D8B5E6B7C5D87E9C0A5284

Function 005252F8 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a2c5395ff86aaa28de5cb7213a871049007faf9004eb745ffa1d4e0e1f3192d
Instruction ID: 0abb30358f78452b59c49ea264b02eee9a6ea1cb3dec49636fbb5b749d5575c3
Opcode Fuzzy Hash: 3a2c5395ff86aaa28de5cb7213a871049007faf9004eb745ffa1d4e0e1f3192d
Instruction Fuzzy Hash: A4B17BB7F116214BF354487ADD983A265839BD1324F3F82388F5CABBC5D8BE5D0A5284

Function 0050E711 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9142fe48003c782bc86957b6a760271195ad2c1c7096d0bfdce04d8285b04bca
Instruction ID: f23c047ec3f462bcb9e9b1cce9fbbd95dec7f30fff1dedb3684aeec1a6e97741
Opcode Fuzzy Hash: 9142fe48003c782bc86957b6a760271195ad2c1c7096d0bfdce04d8285b04bca
Instruction Fuzzy Hash: D9B15AF7F11A310BF3544879DD983A265829B95325F2F82788F5CAB7C5E87E4C0A42C4

Function 0051F13D Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d9a4ca8fea51e9b84c157ee6e7cb817b396de436964729431dbdb9f8cbf883
Instruction ID: a9fc3e55e5677033e00b506b6b9d6f5a47ef059d25b30cae50b9878f2e3f469d
Opcode Fuzzy Hash: e0d9a4ca8fea51e9b84c157ee6e7cb817b396de436964729431dbdb9f8cbf883
Instruction Fuzzy Hash: D8B18BF3F116250BF3544879CD983A2658397E5325F2F82398F5CABBC9D9BE5C0A4284

Function 00509057 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0293086d0199e9075bc93a7cb0d5c4d38ba2c8f0ba08baf5f473185fdce45d
Instruction ID: ff171e3534f91e8fe3d2f8a713fca08a741c8f3e955acaae24e61873a6b462c4
Opcode Fuzzy Hash: 4f0293086d0199e9075bc93a7cb0d5c4d38ba2c8f0ba08baf5f473185fdce45d
Instruction Fuzzy Hash: 94B18EB3F615214BF3544839CC583A26583ABD1325F2F82798E5CABBC9DC7E9C0A5384

Function 0051502E Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a210f94b447a76d68837177be9f65148eff9d014f2b641ed908ca9cfd26adc
Instruction ID: ff20ca95195f6afd12a1381861b4ed5d46e29406e5aab444505823488bf1fdbc
Opcode Fuzzy Hash: b6a210f94b447a76d68837177be9f65148eff9d014f2b641ed908ca9cfd26adc
Instruction Fuzzy Hash: BCB165F3F105244BF3544979CD58362A693AB91324F2F82788F5C6BBC9E97E5C0A52C4

Function 005012F7 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ca1d574853a6824c40f1696f8404ef25cb17bcc0055bd35b917378f3a4676ed
Instruction ID: fbad9d8b0072e9179ce2398d527ac295622f21455fe8722bab37553d6aafdd32
Opcode Fuzzy Hash: 5ca1d574853a6824c40f1696f8404ef25cb17bcc0055bd35b917378f3a4676ed
Instruction Fuzzy Hash: 79B156B3F106204BF3584879DDA83A666839791324F2F82798F5DAB7C9DC7E5C0A4384

Function 0051637A Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a18c8b4104abedc2235620806a95253d4ed10fc8ba7f644576b1d25157d50d7
Instruction ID: e99113ab7a055ceda0b5f1c9f17b5393ceb7ce7c4dd02b107a10f850221cc82c
Opcode Fuzzy Hash: 7a18c8b4104abedc2235620806a95253d4ed10fc8ba7f644576b1d25157d50d7
Instruction Fuzzy Hash: D4B18DF3E106254BF3544D68DC983A27682EB95325F2F42388F9CAB7C5E97E5C0A5384

Function 0051041C Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d93cabf913bcc9392ec650d5b9b3fc0f813b51e01d2ec6fd7be7038a32cab591
Instruction ID: 6f1397f92bafebd378ab043f8542e74cf9dd3a4d90accb495abaec971285b650
Opcode Fuzzy Hash: d93cabf913bcc9392ec650d5b9b3fc0f813b51e01d2ec6fd7be7038a32cab591
Instruction Fuzzy Hash: 2FB15BB3F116254BF3544978CD983A26683EB91315F2F82388F486BBC9D9BE5D0A5384

Function 0051868C Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf133ef48a4a325c2ac9e281a6c0ba7a9eb65a61c8b4806c2c2decb0706cf8e7
Instruction ID: 2792f38a88ee9b250427cad00b4dccfbb14022c70a5f40f50bcd868a8d9c7bb1
Opcode Fuzzy Hash: cf133ef48a4a325c2ac9e281a6c0ba7a9eb65a61c8b4806c2c2decb0706cf8e7
Instruction Fuzzy Hash: 89B164E3F1062547F3540964CDA83A2A6829B91325F2F82788F4D6B7C5ED7E9C0A4388

Function 004D06F0 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f27a437e6b90fa2c39a986feaf1b484e3359d1e61864d52a1c04762c1245efdb
Instruction ID: 0978ef14b6fa1ee6356e1e854d5a43702c33d55937ac91955326cc6477d13f3e
Opcode Fuzzy Hash: f27a437e6b90fa2c39a986feaf1b484e3359d1e61864d52a1c04762c1245efdb
Instruction Fuzzy Hash: 058100756052018BD7249F19C8A0B2FB7E2EFD5710F19856EE8C48B395EB38DC51CB8A

Function 005070BA Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed87ce74f000bfd0a6efbad0bced4fc7568f374e6de403341e727360ab00f1ab
Instruction ID: 5b5ebf85d33cb8fe246670de21cbc977db1d880f6d84205eb33bf924d79b2b2a
Opcode Fuzzy Hash: ed87ce74f000bfd0a6efbad0bced4fc7568f374e6de403341e727360ab00f1ab
Instruction Fuzzy Hash: 33B16DF3F116244BF3444868DC983A26683E794315F2F82788E5C6B7C6DDBE5D095388

Function 0052A685 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3d65303e442080ba5b3a516896a534fdec0562f55a235ce05dc01f921df30c
Instruction ID: 99bff6afb62e1d3614d7a55ff093e497977a88f5855975ea0cff424605e6f120
Opcode Fuzzy Hash: 0a3d65303e442080ba5b3a516896a534fdec0562f55a235ce05dc01f921df30c
Instruction Fuzzy Hash: F4A16AF3F116254BF3444D38DC983A226839BA5325F2F82788F586BBCAD97E5D095384

Function 00496160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 544db7c5d025da756d6289b94b945eb904a82b8a4eff8b9455988148a56280db
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: 32C15BB29187418FC770CF68DC86BABBBE1BF85318F09492DD1D9C6242E778A155CB06

Function 005233E5 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8789f8816fb9158cb13ec5568f5b82a5117560f8d3af5670855aafceb2ac27b
Instruction ID: 58e18dad2093b1fcf43f441f7d357a6c5f67d9a2f3092ede533a811715590998
Opcode Fuzzy Hash: c8789f8816fb9158cb13ec5568f5b82a5117560f8d3af5670855aafceb2ac27b
Instruction Fuzzy Hash: 54A1A9F7F116254BF3544839DC983A226839BD5325F3F82388A5CAB7C5EC7E9D0A5284

Function 0052261A Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae8dca58cd5444513873c6c4333fb644d725f75d969b644aca8c9001367887d
Instruction ID: 4ba8c67bd2cb76a329082e5a8b471deedde0030620794c7829e7a4066874cccc
Opcode Fuzzy Hash: 9ae8dca58cd5444513873c6c4333fb644d725f75d969b644aca8c9001367887d
Instruction Fuzzy Hash: 5DA197B3F115204BF3544D29CC683A26683ABE5321F2F82798E9C6B7C5DD7E6D0A5384

Function 005270FE Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7e6fb24dff59f2ae103e56f8caded3e903274164c6e6de167e3f5518c5ee94
Instruction ID: 79cb70b594153f7af35a7f9499dc7722bf97339eb86fdeb90ab0738a32a3d627
Opcode Fuzzy Hash: bd7e6fb24dff59f2ae103e56f8caded3e903274164c6e6de167e3f5518c5ee94
Instruction Fuzzy Hash: 03A189B3F216244BF3544978CD883A26683DBD5311F2F82788E5CAB7C5D8BE9D095384

Function 004F27AF Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19cec274a4fbd1f700861db7d1da42ed3438794624db7328629539cf1738f96c
Instruction ID: dfb201c0c251675fd169f4f65f114ede2a4d0ca0071b8c802b62b1c3fee77380
Opcode Fuzzy Hash: 19cec274a4fbd1f700861db7d1da42ed3438794624db7328629539cf1738f96c
Instruction Fuzzy Hash: A5A18EF3F116254BF3440878CD583A266839BD5325F2F82788F5C6BBC9D87E5D0A5288

Function 0050D6C7 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70288100a77330f856fece7b5dab9cae106120d5521f059fc8c474936be75213
Instruction ID: e92c3789b398d0cf428db26d9b5acf0c76cd650c35e4b6ea0da8c3bf46e802e4
Opcode Fuzzy Hash: 70288100a77330f856fece7b5dab9cae106120d5521f059fc8c474936be75213
Instruction Fuzzy Hash: F9A136F3F215244BF3584838CD683A2658297A5326F2F82798F9DAB7C9DC7E5D094384

Function 00533518 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52b8bdd098ad89382f08f33ac1cacfd937cea974433ab5a6b130070f660bbced
Instruction ID: a7354a4a16fe02d38d43450b829f7d1a8d5b681fea893792e5525a7cab25f690
Opcode Fuzzy Hash: 52b8bdd098ad89382f08f33ac1cacfd937cea974433ab5a6b130070f660bbced
Instruction Fuzzy Hash: 29A1AAF3E1063047F3644878DC99362A682EBA5324F2F82398F5CABBC5D87E5C0902C4

Function 005202DA Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca313205cb7dc75df8620c00031c7206334425113fad2c649ba9cd150ddc6ef
Instruction ID: f2efd4031c57cb63b3c0aff0fcb9c5d802d3779e186b9c9d62109389c1462292
Opcode Fuzzy Hash: cca313205cb7dc75df8620c00031c7206334425113fad2c649ba9cd150ddc6ef
Instruction Fuzzy Hash: 5AA168F3E1062547F3544878CD993A265829B91325F2F83388F6DAB7C6E8BE9D0952C4

Function 00503580 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d5899ceabf77618126e71e4e512324cdda391bcbe1e48de12d69a613215844
Instruction ID: 184224d854309def09ef56dc630aa1f0339c3ff804067ffdafa8269cc5ed5a5d
Opcode Fuzzy Hash: c6d5899ceabf77618126e71e4e512324cdda391bcbe1e48de12d69a613215844
Instruction Fuzzy Hash: 359168F3F1162447F3484829DD683A2658397D5325F2F82398B5E6B7C9ECBE5D0A1288

Function 0052B076 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a9dfe6cc80098d12cfa6efda461b2d4e8490ed04387f12e872eff8e78d7dc8
Instruction ID: aa845ed4819b291c7d32ef4f8cd029ed1478bd9d8ca9aea5f4fa631e1d591193
Opcode Fuzzy Hash: 15a9dfe6cc80098d12cfa6efda461b2d4e8490ed04387f12e872eff8e78d7dc8
Instruction Fuzzy Hash: F8A1CBB3F116354BF3504939DC983A276839BA1325F2F82788E6CAB7C5D97E6C0952C4

Function 0052C1F6 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2d563b18bb61ab256cd8c435ebd15d486e35b86bfd5d6ab0955247e0b9e8f4
Instruction ID: a115882e2ad3ce8c38428a8b717dec26047ea578be9947e3587e793b5254c6cc
Opcode Fuzzy Hash: 9b2d563b18bb61ab256cd8c435ebd15d486e35b86bfd5d6ab0955247e0b9e8f4
Instruction Fuzzy Hash: 28A19BB3E1162547F3544839CC983A26683DBD5321F2F82798E4CABBC9DDBE5D0A5384

Function 00518207 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d91df0cf27d470d995dc12063b597358d8fb0ec31086e461af89b2b17cb17045
Instruction ID: 8dcd2a68796e7986a9f48ac0a6c7384f41a1a82cdfadaef60a91dfbaa09d73d1
Opcode Fuzzy Hash: d91df0cf27d470d995dc12063b597358d8fb0ec31086e461af89b2b17cb17045
Instruction Fuzzy Hash: 7AA188B3E105354BF3644968CC583A2A683ABA5325F2F82788E9C6B7C5ED7E5C0953C4

Function 004FC030 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60c188819571359313befb0b930d003331e228e092d1f7c09e556e20c25f395a
Instruction ID: 45b6f8a57eb6e7c1d1284a71cd872e6e36df9eefe7da194566618e58e9f9a5ad
Opcode Fuzzy Hash: 60c188819571359313befb0b930d003331e228e092d1f7c09e556e20c25f395a
Instruction Fuzzy Hash: 10A18AB3F1022547F3440D28CC683A66693EB95324F2F82788F596BBC4DD7E9D0A5384

Function 005395C1 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a04decb99d989a95ff10314420c1753631e8955480aa93c5d7a41c5a58e78ba
Instruction ID: 0a000286ff8e87b4b16dd6b5a27fcb6d31352a7482c10631acf0b7f9841b53a2
Opcode Fuzzy Hash: 0a04decb99d989a95ff10314420c1753631e8955480aa93c5d7a41c5a58e78ba
Instruction Fuzzy Hash: 8CA176F3F116254BF3544839CC98362A682ABA5324F2F42788F5C6B7C6E87E5D0A43C4

Function 0053A1C6 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fcc172397a0c66e1c13207f1d0991895c61109bd74ce8e06733b7047910f32a
Instruction ID: a1318aca7ae4e4cb6e0300d5ebbbb94794a26126b6a27c86e4e052ac7a37e855
Opcode Fuzzy Hash: 5fcc172397a0c66e1c13207f1d0991895c61109bd74ce8e06733b7047910f32a
Instruction Fuzzy Hash: EE9189F3F1162547F3444839DD983626683DBE1324F2F82398B5DAB7C6D87E9D0A5288

Function 00531679 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57cf8a24fa3ef349c065e3ebe618af584c765c610d2d0c1d395e8c7bc2457239
Instruction ID: b2f23a85ab6a15232a830ac0680346db5379b9bd138454c75d29fedebad13254
Opcode Fuzzy Hash: 57cf8a24fa3ef349c065e3ebe618af584c765c610d2d0c1d395e8c7bc2457239
Instruction Fuzzy Hash: 32A159F3F516254BF3544839DDA83622583D7A1325F2F82788F686BBC9DC7E5C064288

Function 00536086 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e47478d15945627e187eae1f858b3a78fbd17151e8cea8ae5d68c2f27fbe1e
Instruction ID: 2340f60ed9e8e128bdfdaabd056d91fcffaa92d4574d5d2aae8c6c64568e7bdd
Opcode Fuzzy Hash: 12e47478d15945627e187eae1f858b3a78fbd17151e8cea8ae5d68c2f27fbe1e
Instruction Fuzzy Hash: 63917AB3F012254BF3544D68CC583A27683AB94325F2F82788E5D6B7C9E97E5C0A5384

Function 0050C433 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6571b6c2648177f742daa28aace681b9f6b008f9778fd7405128f675db33531d
Instruction ID: 0a8f08ce2b5d13d6cd762cb3f43e40b019b7da5fe51c0dfe9a3a31f212d0aced
Opcode Fuzzy Hash: 6571b6c2648177f742daa28aace681b9f6b008f9778fd7405128f675db33531d
Instruction Fuzzy Hash: 09918CB3F916258BF3544D78CC983A26683DB95325F2F82788F486B7C4D9BE5C0A5384

Function 004FB3DC Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e1886a4ca005069a6b2aad782af7f6bf25015ae7dfcfd835b139f23dd6e6302
Instruction ID: 865b79ecba1dcb02b49660b969676cb5e499dc9c5d7403ec0f7179fce5f839d7
Opcode Fuzzy Hash: 9e1886a4ca005069a6b2aad782af7f6bf25015ae7dfcfd835b139f23dd6e6302
Instruction Fuzzy Hash: C49178B3F1112547F3944938CC683A2A643ABD1325F2F82398E5DABBC5DD7E9D0A5384

Function 004FE55A Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df115d0551da63e8e73e3c631b51ad80ca2175ff793e96404b7664afa5455eef
Instruction ID: ae7d6f271dcb9e123f90ca991d61a3c1f6aea6c8cd1c02d53666fb8cf0385827
Opcode Fuzzy Hash: df115d0551da63e8e73e3c631b51ad80ca2175ff793e96404b7664afa5455eef
Instruction Fuzzy Hash: 78918AB3F106254BF3504D79CC983626683ABA5325F2F42798E8C6B7C5E9BE5C064384

Function 0051F683 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f06cc9a8d0dbfd51045e95d8efb4353a515eb242d032e77281fa302a9bb45290
Instruction ID: 2152b7151e266003139cc126614b2dae89b0dd90178cbb059599221fed6891a9
Opcode Fuzzy Hash: f06cc9a8d0dbfd51045e95d8efb4353a515eb242d032e77281fa302a9bb45290
Instruction Fuzzy Hash: 4C918CB3F115254BF3544D28CC583A27683EB95325F2F82788E486B7C9D97E6D0A5388

Function 005023E7 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc36a76eed30f64921a6cc4236ab8f0beb65a7d6378b16fa1a130121a76688a
Instruction ID: 992b4258754447a4cbdb347b0156e8caca7921ac5d742a9954d7820e56ff404e
Opcode Fuzzy Hash: 6dc36a76eed30f64921a6cc4236ab8f0beb65a7d6378b16fa1a130121a76688a
Instruction Fuzzy Hash: 1F917DB3F116244BF3544979CC983626693EB95311F2F82798E48ABBC9DCBE5C0A53C4

Function 005083F2 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9972758a25294251121e1966eac504113ce851232cd9e81e43df3a4dd2d230ec
Instruction ID: 61aaf7dbef6c54d4706e5906fc979fcd99b1c5e0880202d237fa3bf5d474bece
Opcode Fuzzy Hash: 9972758a25294251121e1966eac504113ce851232cd9e81e43df3a4dd2d230ec
Instruction Fuzzy Hash: F0919FB3E115254BF3544D29CC483A2B693EBD0321F2F81798E8CAB7C5D9BE9D465384

Function 0053817D Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958ea279b0ef2a9b3793b7bd8ac50e851dfaecf69bd312ab0c5b4af46bd6205a
Instruction ID: e8ccd85d2c84c264349fae6f0b93b9c1b2d15d320da8f342f7a7ebf8d43272e9
Opcode Fuzzy Hash: 958ea279b0ef2a9b3793b7bd8ac50e851dfaecf69bd312ab0c5b4af46bd6205a
Instruction Fuzzy Hash: F7919F73F106254BF3540D68CC583A2B693EBD5321F2F82788A896B7C9DD7E6C0A5380

Function 0052D27C Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1eab4957a7f2cb2cf11b3c661878d8ce4e0849f149100137f53732590ce8c4a
Instruction ID: 7c63814e94da7308e8ee54065f583d8de1fce7dc3bed755ea382ec83f79cecdb
Opcode Fuzzy Hash: d1eab4957a7f2cb2cf11b3c661878d8ce4e0849f149100137f53732590ce8c4a
Instruction Fuzzy Hash: 819170F3E106254BF3504879DD883A26682E794315F2F82788F9C6BBC9D97E5D0553C8

Function 005264FD Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9519d67a622217e57b14e4a57f5e449d4d1896a04054470d74443bfecbe51b34
Instruction ID: 7ce842887d78a4dd6eddcc23b780189385ac7657dcdb00ab6f7250a07554b244
Opcode Fuzzy Hash: 9519d67a622217e57b14e4a57f5e449d4d1896a04054470d74443bfecbe51b34
Instruction Fuzzy Hash: 0B9178B3F116244BF3484929CC583A27293EB95321F2F81798E4DAB7C5D97E6D0A5388

Function 004B04C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 11bf9f2422b5ef8ac4aa71885f5967c5e3c931a54ea51864a13b3604e827b92b
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 29B15032618FC18AD325CA3D8855397BED25B97334F1C8B6DA1FA8B3E2D674A1028715

Function 0050C024 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b2232db8d5a27b68e70d2e41e945873800f21da6d14277c99d7ad7069b3885b
Instruction ID: 04e2e62543436a5e2c61bbdfb1c966b9e2e4a1685baf4f2e32b8b9a259928349
Opcode Fuzzy Hash: 0b2232db8d5a27b68e70d2e41e945873800f21da6d14277c99d7ad7069b3885b
Instruction Fuzzy Hash: BF91AEB3E115258BF3504E28DC583A27693EB95321F2F82788E8C6B7C4E97F6D459384

Function 004FC49F Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7527d09e81c9ee9761eb40220d07ff47d7be024e4e05925707ab177bcc996a0a
Instruction ID: c0437800956e425b562c8eecf0592f85df55fd51d97b0faf689bf703fab5f7fe
Opcode Fuzzy Hash: 7527d09e81c9ee9761eb40220d07ff47d7be024e4e05925707ab177bcc996a0a
Instruction Fuzzy Hash: 839169B7F106254BF3504D3ACD583A276839B95311F2F41788E4CAB7C5E9BE6D0A5384

Function 004F6700 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ec71bb1df98c4bd84799fb22600c6e17691b77b49f1467d71367828211069e
Instruction ID: ab8354f8554a04dc1ba5c641dd74d437749360236902d5d56ee9c6e22a7be589
Opcode Fuzzy Hash: e1ec71bb1df98c4bd84799fb22600c6e17691b77b49f1467d71367828211069e
Instruction Fuzzy Hash: 379168B3F116254BF3540929CC983A26293DBD5325F2F82788F586B7C9DD7E6C0A5384

Function 0051251B Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 264e31aa33b0647ba365c371824930ab3fadb465b9b78d24bcac947b4005495e
Instruction ID: f74403d08080dd33013cc24345b0ed43b8325213b44ae23369bebb0ada3217ac
Opcode Fuzzy Hash: 264e31aa33b0647ba365c371824930ab3fadb465b9b78d24bcac947b4005495e
Instruction Fuzzy Hash: 0F81BAF3E116214BF3444938CC583A27692AB94325F2F82788F9CAB7C5ED7E6C0942C4

Function 004D0460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fcd12af286fc47f75aef308065735fa392942c8344f6015d43326600f80a7a03
Instruction ID: b02d17db934696c9c9ea0ac61c507b9cf34ab040fbb446046e29e58d2554cd0e
Opcode Fuzzy Hash: fcd12af286fc47f75aef308065735fa392942c8344f6015d43326600f80a7a03
Instruction Fuzzy Hash: 646126356043019BD714DF18D8A0B3FB7A2EBC5720F19852FE9858B391EB34DC61979A

Function 005391B9 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 379245ea659013ae7cad3bef49cfac6f313aa55c21e0ebe174c7f78d99b315b2
Instruction ID: 1756216957922f86f99b63a150212b2991f676de5569c5091c6df196c8c31681
Opcode Fuzzy Hash: 379245ea659013ae7cad3bef49cfac6f313aa55c21e0ebe174c7f78d99b315b2
Instruction Fuzzy Hash: 4081ACE3F116244BF7544969CCA83626683DBD5325F2F82788F592B7C9ED7E2C0A4384

Function 0052B503 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e625208d651f7757763d985ea3255a318ce8068afb8831eb91306564c89158e
Instruction ID: 9aa17453936acf4903bc04c5ae0933cf94ffe9344a79f9bc5271386a6b4ac04b
Opcode Fuzzy Hash: 7e625208d651f7757763d985ea3255a318ce8068afb8831eb91306564c89158e
Instruction Fuzzy Hash: 638188B3F105254BF3484D39CC683A27693EB95325F2F42388A596B7C5ED7E6C0A5384

Function 0051B738 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfeaabf9b50be5743db9162916486081226e0740df61c1171b943ba107082f04
Instruction ID: 3e8bf3587a917113a8448ebc37da278dc191ab158f8b62729e7ff68c4ff36630
Opcode Fuzzy Hash: cfeaabf9b50be5743db9162916486081226e0740df61c1171b943ba107082f04
Instruction Fuzzy Hash: A4817CB3F1162547F3544978CC883A16683EBA5315F2F82788F9CABBC9D87D5D095284

Function 004F33C5 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e21098804fb3c07f179e45476bd98b29e273c14c143d9ecbaff44da386aa69
Instruction ID: 856285b4bbbddd000d2bd6928e70da9f439a13b86c9f04979f8ff8c899831b3b
Opcode Fuzzy Hash: b9e21098804fb3c07f179e45476bd98b29e273c14c143d9ecbaff44da386aa69
Instruction Fuzzy Hash: 0A816DB3F216254BF3840D28DC983A27283EB95315F2F81798B489B7D5DD7EAD095388

Function 0051D2F7 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e502486ae26a9a832e442b461a7e9e053db4078b1f8a121467cce66667afafb
Instruction ID: 967841a86cfe0477aeb1516d7af0d15f145d0081142a33635f96531b73ce7ee3
Opcode Fuzzy Hash: 6e502486ae26a9a832e442b461a7e9e053db4078b1f8a121467cce66667afafb
Instruction Fuzzy Hash: F8818AB3F111244BF7540E68CD983A2B653EB95310F2F82788A496B7C8DDBE6D0993C4

Function 004CC5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7b2ee44d4f7013798fd3d3dedd44ed3d98182aa8e8127661aafafc9b1979f09b
Instruction ID: 2c3f89187e58a79ffcaeb94fcff3cc71d07df7f7ba3cd0cf484393d9c1acd61d
Opcode Fuzzy Hash: 7b2ee44d4f7013798fd3d3dedd44ed3d98182aa8e8127661aafafc9b1979f09b
Instruction Fuzzy Hash: 54514879B093054BD758AF28C880B2FB7D2EBD5310F19897EE4C997391E6359C128B8D

Function 0051E436 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d34d9b0408b4d2a71237d12724c65a9117e4d0f8d44af91580943387535aca69
Instruction ID: 2f0f75a501c95719d0127cc794fd091e7780ec274561a4a49de6a04b6ee8497d
Opcode Fuzzy Hash: d34d9b0408b4d2a71237d12724c65a9117e4d0f8d44af91580943387535aca69
Instruction Fuzzy Hash: 6C8156F3F116254BF3444929DC983A26643ABD5325F3F82398F5C2B3C5D97E6C1A9288

Function 00538577 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5762c6d1781d7d83423305aa9f08826a82353eb706db461ae3bfac7402428f1
Instruction ID: 5780a8199a95b352cf931bb145ce056f5c673ce856400f121e69f3147f702632
Opcode Fuzzy Hash: e5762c6d1781d7d83423305aa9f08826a82353eb706db461ae3bfac7402428f1
Instruction Fuzzy Hash: 0481B2B3F116258BF3544E28CC543A27253EB96325F2F8278CE486B7C5D97E6C0A9784

Function 0050E332 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d2c75cac73a0c58f3a20aec3d70330900ca6bb32234c81bbd19d25e87a4b6f
Instruction ID: 89cca2bb8505faa91fb3786f4fc9c8df832c0e8d08ea1973ad39e74ec4e596af
Opcode Fuzzy Hash: 14d2c75cac73a0c58f3a20aec3d70330900ca6bb32234c81bbd19d25e87a4b6f
Instruction Fuzzy Hash: C8818BF7E5063547F3540928DC993A266829BA4328F2F42788F9C6B7C2E87E5D0553C4

Function 005196E5 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e91de1633857297875690d9534a0e13fbb07ee3e0cd00a8227c1c8b4d5585c
Instruction ID: 7f61fdd99011727e8600242892fafa1ae9501641b28ee7ef6776be42d999b197
Opcode Fuzzy Hash: b5e91de1633857297875690d9534a0e13fbb07ee3e0cd00a8227c1c8b4d5585c
Instruction Fuzzy Hash: EA816CF3F206244BF3544D29DC983A26283E7A5325F2F82788E5C6B7C5E97E9D095384

Function 004FD5E0 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 855d078557efe98cc050c79468a98cdf30d5a37d69000bc2da77e186d71ad3de
Instruction ID: 693bf1f76cdd7c598936c97b95ced40a159609cf7031df6d2c3ddf99a6190f47
Opcode Fuzzy Hash: 855d078557efe98cc050c79468a98cdf30d5a37d69000bc2da77e186d71ad3de
Instruction Fuzzy Hash: 9B817AF3E116254BF3544928CC983A26683E794325F2F82788F4C6BBC9D97E6D095388

Function 004F16C8 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 908122a3b3f6617ba298cbf4d0872db3ad301b62aa74ed8b135dce862f9956d2
Instruction ID: 7ee6a677a8e1b638230bbf03438cf007e15661f8e905c30e80c3aed2002da44f
Opcode Fuzzy Hash: 908122a3b3f6617ba298cbf4d0872db3ad301b62aa74ed8b135dce862f9956d2
Instruction Fuzzy Hash: 227177B7F1062547F3584974CCA83B27282EBA1311F2F81388F896BBC9E97E5D095284

Function 005041AE Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c7de06373061cc4d5ab13457291701bcde423a015e846ea30b3254d6a825f5
Instruction ID: 8deb097cc91642a310b90b58369c7a25bc296986c5cf91a70a2387119ba5c6b9
Opcode Fuzzy Hash: 76c7de06373061cc4d5ab13457291701bcde423a015e846ea30b3254d6a825f5
Instruction Fuzzy Hash: 587157F3F116254BF3540969CC583A2A682ABA4325F2F42788F8C7B7C5D97E5D0653C8

Function 00516007 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 840304ae7bf76d0a3d78734134e51d345bc19929e78e6d658ddaad32cb5eed5e
Instruction ID: 46d2fbd7f02e96cac5fa707baae0ce33933a5349d3f6e6a73ae2a8553986309e
Opcode Fuzzy Hash: 840304ae7bf76d0a3d78734134e51d345bc19929e78e6d658ddaad32cb5eed5e
Instruction Fuzzy Hash: 3371AFB3E1152547F3904D65DC583A26283EBD4325F2F81788E4CAB7C5ED7E9D0A5384

Function 0053038F Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc45124e382b1623dc509abf8a1f4360f7dde211f6f44e30cd7697ecab3e1968
Instruction ID: 780baa118607d7c7b84857b4391f9c108dcca7663dff6c66f865e19d1677de65
Opcode Fuzzy Hash: fc45124e382b1623dc509abf8a1f4360f7dde211f6f44e30cd7697ecab3e1968
Instruction Fuzzy Hash: AC71BBB3F506244BF3584D29CC983A27283EB95314F2F42788F496B3C5E9BE6C095384

Function 0052C67E Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 095e2b38ef9c55fb86565e83bdcefe57235727f49d32211a8105184f4e557b53
Instruction ID: 715ff0f437059c1ebf7bfa16b99ef74a9ef9780ceb96e09502dc26334dead915
Opcode Fuzzy Hash: 095e2b38ef9c55fb86565e83bdcefe57235727f49d32211a8105184f4e557b53
Instruction Fuzzy Hash: B3717AB3F106244BF3544D69CC983627693EB95311F2F82798E886B7C9DD7E6C0A5284

Function 004AE630 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 600c8d6129ee7e206a524ccf0ed156e752b00333e7fa05bc0c1773f1b6737ea9
Instruction ID: b74024f24afe1c8568d75631aa03e07ca805d6f5bf5558fa83af63549c4f0b74
Opcode Fuzzy Hash: 600c8d6129ee7e206a524ccf0ed156e752b00333e7fa05bc0c1773f1b6737ea9
Instruction Fuzzy Hash: D161F722A4A6904BE328893D4C213A66E930BE7330F6DC76FE9B5873E5D56D4C065346

Function 00515561 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef479ee952bed760032e1d564b64ca8544a1b07aa6b9d73e71d2579f405c9a22
Instruction ID: 84f306e06e14ef365ea13e6badab03d06b6b0e9769500c59e15c077a592e4bf9
Opcode Fuzzy Hash: ef479ee952bed760032e1d564b64ca8544a1b07aa6b9d73e71d2579f405c9a22
Instruction Fuzzy Hash: 44611AF7F526314BF3944869DC5836265839BE0325F2F82788F5CAB7C5E87E5C0A4288

Function 00537693 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d863dc985cd7bf44a6ee771c9a10f4bf835b4004baba488a814fdc146bfb441
Instruction ID: dd6180aa9a15dd70dae28a43fa8aa14d239273be2a223ccb520839c0adc8ac7a
Opcode Fuzzy Hash: 9d863dc985cd7bf44a6ee771c9a10f4bf835b4004baba488a814fdc146bfb441
Instruction Fuzzy Hash: B27169B3E115258BF3144E69CC88361B293EB95311F2F41B88A8C6B7C5DA7E6C459384

Function 005087FF Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31379cb2eb85d0d1f2db29577469d1b600f8a3b09aaf7ba14d83fc905437cdf4
Instruction ID: 06a244633b758a78698a2fd002360dd847ff4d2ccdf1a390ff5ce276276d509d
Opcode Fuzzy Hash: 31379cb2eb85d0d1f2db29577469d1b600f8a3b09aaf7ba14d83fc905437cdf4
Instruction Fuzzy Hash: 9C6179B3F106254BF3584D64CCA83B27283EB95321F2F82798A596B7C5ED7E5C0A5384

Function 004F81FB Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b43f51aac31f04e545ff4f20605dbaa676e5ea65bb5ab5e1dc04924ba82c45f
Instruction ID: 70999a5bc0dcd013023dc6308125c0cd1f1d914c96ddd9073558c96a79f20c64
Opcode Fuzzy Hash: 1b43f51aac31f04e545ff4f20605dbaa676e5ea65bb5ab5e1dc04924ba82c45f
Instruction Fuzzy Hash: 59617AB3E0053447F3684D28CC683A662929B99321F2F427C8F8D6B7C5E97E6D0953C4

Function 004C8650 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction ID: 047d05a2869f1ed6b4350080ba93621d353baf19963d4e28468d8d6d17159ca3
Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction Fuzzy Hash: 60517DB56087448FE314DF29D89475BBBE1BBC4318F044A2EE4E983350E779DA088F96

Function 0050D3DD Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4838149ae4d138f558099567e2cefa2ea4419c786330dbfdd965abb5ae021cb3
Instruction ID: 2f026da093bac2a6e15f0b3ba8e56a04b3139a6e79f381544131da9a1c7ef9cd
Opcode Fuzzy Hash: 4838149ae4d138f558099567e2cefa2ea4419c786330dbfdd965abb5ae021cb3
Instruction Fuzzy Hash: 7051B9F3F106250BF3484978CC9837266839BA5325F2F42788F1D6B7C6E97E6D0A5284

Function 004BF377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb5922c5576953db60833bfa0e16f2b60de52b0c8f209bf25eaf603a984fe8d
Instruction ID: 2b7c85cc8738822c5720f492637783b6c2b231055464ed04ad1f4a8d2d06bc5d
Opcode Fuzzy Hash: 1cb5922c5576953db60833bfa0e16f2b60de52b0c8f209bf25eaf603a984fe8d
Instruction Fuzzy Hash: 3561F672744B418FC728CE3CC8913E6BBD2AB95314F198A3DD4BBCB385EA78A4058715

Function 004E70BB Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc87cd2449b9739c46b89c5e97b9d937b32cd3675cb8114c80f9618556c6e8eb
Instruction ID: af08c018adb997f3d196b36874f503009e91036803ca4f6161e150bb7883e3b4
Opcode Fuzzy Hash: dc87cd2449b9739c46b89c5e97b9d937b32cd3675cb8114c80f9618556c6e8eb
Instruction Fuzzy Hash: B051BBF7F547104BF3484869DCC83A26682E7A4320F2F42398F18AB7D5D8BE5C0A5384

Function 004CF18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3e770be95cedd130bf6446eae0feabd3212664a4193e7c2e175027fe0e947c
Instruction ID: 902372812cf51b61e33f1f291df1c8815a157a6350e5db1b5c9d960325fc8de3
Opcode Fuzzy Hash: ca3e770be95cedd130bf6446eae0feabd3212664a4193e7c2e175027fe0e947c
Instruction Fuzzy Hash: C141F4367187514BD719CE38889127BFBD39BDA300F1D887ED8C2C7296D529E90A8B85

Function 0050F1A2 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 995e6eeb9e0d2cf37383757ef51d6dbef6a3e394ac49d974d5f9a8c1bfce6076
Instruction ID: a05ef0250146d00512125223ca3cd60beff1aa1c366b9ece4bedb3d18963c06c
Opcode Fuzzy Hash: 995e6eeb9e0d2cf37383757ef51d6dbef6a3e394ac49d974d5f9a8c1bfce6076
Instruction Fuzzy Hash: 3B518AB7E115288BF3544E24CC283B27292EB95311F2F417D8E996B3C1D97F6D099384

Function 004AB57D Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9941635e6b22987c9b18592890fb50766e4840455ebb69285ac13f8ebfb89e
Instruction ID: a0b6b862245993d6bc59dd68a321a2cda021fd4efd757e6df68dd6eb6d24a846
Opcode Fuzzy Hash: 2f9941635e6b22987c9b18592890fb50766e4840455ebb69285ac13f8ebfb89e
Instruction Fuzzy Hash: CB3127605047D08BDB3A8B3694A1B737FE0DF37308F18489ED1E38B693D62A9509C796

Function 005327CF Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d0dc41af41c4e0729cb6d8791e7a5d6ceee7c5e8a5ce38e415d41211e6a79b
Instruction ID: 00b84684e80ee8c3a6419bc1cc710e18a8173c5ee530c8d8d41af484cdfb4292
Opcode Fuzzy Hash: f7d0dc41af41c4e0729cb6d8791e7a5d6ceee7c5e8a5ce38e415d41211e6a79b
Instruction Fuzzy Hash: F751BDB3F106244BF3548939CC993A27683EB96311F2F82788E19AB3D5DD7E5D095388

Function 004C2070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b12f77a560fe5814f6ff20964a7229acee86bb8757bd5bb69a16e6ef2fde4ae1
Instruction ID: 850a6b9fe48a2cac872686ccf2c3d0eae4772bc0995be935488dbd82869eba95
Opcode Fuzzy Hash: b12f77a560fe5814f6ff20964a7229acee86bb8757bd5bb69a16e6ef2fde4ae1
Instruction Fuzzy Hash: 97815CB411A380DBC374DF05D5A86ABBBE1BF89708F50891FD4884B350DBB86549CF9A

Function 00501119 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2a475b1202913bdad169cae30347f895285de081b90cfbf591950a361c0336c
Instruction ID: fcb34f8d085d50afb4261a8946381d577505f30cbdb11040f740eed025c84e33
Opcode Fuzzy Hash: b2a475b1202913bdad169cae30347f895285de081b90cfbf591950a361c0336c
Instruction Fuzzy Hash: A6312BF3F51A214BF358486ACD59366548397E4325F2F83358F6C5B7C5D8BE8C060284

Function 0052F63D Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16be343369d599a80ca9b9f58ea10c6a5c10ffa225cd28f9b564a2d10471d4a0
Instruction ID: f2b2fe529345f1c4234ab1284b1317167e5655af7ad0e61f6022d983f89652cf
Opcode Fuzzy Hash: 16be343369d599a80ca9b9f58ea10c6a5c10ffa225cd28f9b564a2d10471d4a0
Instruction Fuzzy Hash: 65313CF7F50A214BF35848BADD983A255829BD5325F2F83788F6C6BAC5D8BD5C0602C4

Function 004CA440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: 209b8f09a4c12336e86fb6e1e9f95373c6d2a652500832f516d721a1d2e5e567
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: 80310876A086084BC7599D3D4C5076BBA939BC5338F29C73FEA778B3C1DA788C514246

Function 00517051 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf202cd4fd4f0ed7aff126d6f56fec58f18cabb15370888f0b62f2df70a9974
Instruction ID: 74ce35d8e9d69d456d77f8f350845bff4a02624888c8153039c908068b06c80a
Opcode Fuzzy Hash: dbf202cd4fd4f0ed7aff126d6f56fec58f18cabb15370888f0b62f2df70a9974
Instruction Fuzzy Hash: 903148B3F6161547F3984834CDA93766683E395324F2B823E8B9A9B7C5DC7D980A1284

Function 005033F9 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e91f619c208fed75c4a3d031296112387a6cbd9d9f2a17c6a580141e245b65
Instruction ID: be2a8264929cf339c1c94da584c86df7c30853bb58c69c8b26e95f83c6caee59
Opcode Fuzzy Hash: 33e91f619c208fed75c4a3d031296112387a6cbd9d9f2a17c6a580141e245b65
Instruction Fuzzy Hash: 473144B3E2193107F35448B9CD983A2908797D8324F2F82798F6CA7AC2DCBD4D0A12C4

Function 00538015 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d194d7af97570d1ac590111f790bdeac8c0960bc5dcd57fb304e63eedfc55b05
Instruction ID: 5af45e96b6cfdc193992a51def79716018718123497b24685080fa259162e04a
Opcode Fuzzy Hash: d194d7af97570d1ac590111f790bdeac8c0960bc5dcd57fb304e63eedfc55b05
Instruction Fuzzy Hash: 72216DF3F61A2107F3588879CD893A2618397E4325F3F82388B5C9B7C9DCBD98064284

Function 005016BE Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93a00b1dab7c9d26ff235aa5c3dd5d70b47b8bdddd624d091f8967e133889bdf
Instruction ID: d4fc4c732dd717d6002a4b5ff4eaf30566ee95e7453c7278d67d76ef2e7af2be
Opcode Fuzzy Hash: 93a00b1dab7c9d26ff235aa5c3dd5d70b47b8bdddd624d091f8967e133889bdf
Instruction Fuzzy Hash: 44219DF7F105200BF7588879CD683A269829795320F1F8279CF5DAB7C5D8BC4C0A42C4

Function 004E9040 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9375bda7cd589c16af40568be4351f0c125d4a400ac12a2c49909939b16345a8
Instruction ID: 8e5d017451aa414f8132723e216dbc0475b047862baec9242fd39792ba52cde7
Opcode Fuzzy Hash: 9375bda7cd589c16af40568be4351f0c125d4a400ac12a2c49909939b16345a8
Instruction Fuzzy Hash: 432174B090428EDFEB05CF5685041EF7BA6FF46322F70452BE80187A82D7760D61AB5E

Function 00500589 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77ca60bdc16cabe7f031f1a78f63a396351bf00ffcc1309cc5f5e7d8cccd7aa9
Instruction ID: e881dc9d6347069eff7d0cd52536d8c207bfcd6e3cf7b36c99828a4060e54b36
Opcode Fuzzy Hash: 77ca60bdc16cabe7f031f1a78f63a396351bf00ffcc1309cc5f5e7d8cccd7aa9
Instruction Fuzzy Hash: AE2106B3F4062447F748882ACDA93A6A1839BE5315F1F81798B4DAB7C5ECBE5C065284

Function 00537557 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083e52aaf87320d967f3306e1e1435c2c6b99eba62692eaa131e3a3e72368d54
Instruction ID: bdf5c58bc5b070a129f13efd4527c5fd9fb8e281653788eb70ee862786abcf40
Opcode Fuzzy Hash: 083e52aaf87320d967f3306e1e1435c2c6b99eba62692eaa131e3a3e72368d54
Instruction Fuzzy Hash: C5217CB3E505304BF39848B8CD5A3A665829784320F2F423A8F0E777C5DCBE1C0542C8

Function 00516741 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ce4d509eaa616663d189cc258aa55986824f961fc6dba2643f499fd11b56842
Instruction ID: 3feaf4898cdab2dd9d0e4481fe19110ecb069abbd53ec0b21b43bb0f47c31b82
Opcode Fuzzy Hash: 8ce4d509eaa616663d189cc258aa55986824f961fc6dba2643f499fd11b56842
Instruction Fuzzy Hash: 762156E7E5162247F7984838CD983626643EB91311F2FC2388B696BBC8EC7D98094284

Function 005A3391 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b5fb8e48a52da93dcf23f0144b04ff21a45e7b2cf0f0a2ffd2ecf7a7f7f9a2e
Instruction ID: f0fbcdc97f8c58df7244f257d40d8dcbccbb08c8a100bc96af84bae067de5479
Opcode Fuzzy Hash: 4b5fb8e48a52da93dcf23f0144b04ff21a45e7b2cf0f0a2ffd2ecf7a7f7f9a2e
Instruction Fuzzy Hash: AC11E2F3F146108BF3489979ED89367B696DBD4304F1BC639DB94933C9E838580646CA

Function 004C6210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: e3d6594ab88918c45938ff11f9d4dc5ab3c9d90f3dc98efd2d9e2076a83fd757
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: C811E937A051D40ED3169D3C8540A65BFE30AD3734B1AC3DEF4B89B2D2D6268D8A9359

Function 004AC300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: fb95978150bc021ad9221b7c233b4fc0405fa28b9d539d57f0d9a87358b5bde9
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: 15F04460104B914ADB728F398564373BFF09F23318F545A4DC9D3576D2D37AD10A8798

Function 004BE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 84f0c456cecf5213c7e6d94f8779f8855d9258f8f9983c8aff8800492a3e7a4e
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: A8F06C104087E246D723473E44516F3BFD09B53120B241BD6C8E2973C7C3199457C77A

Function 004BD116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff0a9c8d5de8089f1f821820f76b68d44766ee08ac211c3620b86c44bba25d35
Instruction ID: 63e1ed53f6a2441f62f4a9207c8b38f34ffa3f9089a4d90b0b96248e6116baa6
Opcode Fuzzy Hash: ff0a9c8d5de8089f1f821820f76b68d44766ee08ac211c3620b86c44bba25d35
Instruction Fuzzy Hash: B801F9716442829BD308CF38CCA0577FBA1EB86364F08D79EC45687796C638D442C799

Function 004B37D6 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1767298526.0000000000491000.00000040.00000001.01000000.00000003.sdmp, Offset: 00490000, based on PE: true

Associated: 00000000.00000002.1767287028.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767298526.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767348103.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767360723.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767374452.00000000004F0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767385704.00000000004F1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767477633.0000000000660000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767490311.0000000000663000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.000000000067B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767505470.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767566216.0000000000690000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767579693.0000000000693000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767595981.00000000006A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767607406.00000000006A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767623554.00000000006C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767717128.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767734589.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767748201.00000000006EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767761376.00000000006F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767773720.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767784751.00000000006FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767795907.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767808388.000000000070A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767818934.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767829207.000000000070C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767842252.0000000000713000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767858379.0000000000724000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767871040.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767960283.0000000000732000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.0000000000734000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1767973953.000000000075D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768009181.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768020757.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768031403.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768042198.0000000000777000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768053460.0000000000787000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768064559.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768075257.000000000078F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768100492.000000000079D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1768111675.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_490000_Y4svWfRK1L.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45f3412b9425c107858d604509bf99a0c022d71dcf9590ba057c402fc33822c
Instruction ID: 01f67adbf23af24d08924f4e76a7057764affe99ad5e837d25827c98d75719a2
Opcode Fuzzy Hash: d45f3412b9425c107858d604509bf99a0c022d71dcf9590ba057c402fc33822c
Instruction Fuzzy Hash: FEB092B0A0D2018A83088F00E140079EAB8628F202F30A42E904AA3215C620C1018A9D

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Y4svWfRK1L.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
Y4svWfRK1L.exe

Function 0049B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 00498600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 004CE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 004D1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00499D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Function 0049EF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Function 004CE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 0049EC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Function 00499EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 004CC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 004CC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON