Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538055
MD5:	4a1a4df1c161219662bd9bcbe281e2f6
SHA1:	78c70f5fd15a84369836b2128a5835f8aa366598
SHA256:	f203b5df54658f1c7e1d3510451e8e4c19bbee0b175f53ca4eb3f0405024cad2
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5004 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4A1A4DF1C161219662BD9BCBE281E2F6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "mobbipenju.store", "licendfilteo.site", "clearancek.site", "bathdoomgaz.store", "studennotediw.store", "eaglepawnoy.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.420827+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.5	57791	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.352772+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.5	60623	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.398893+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.5	54291	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.386629+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.5	49539	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.450475+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.5	49662	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.365155+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.5	55248	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.431067+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.5	60389	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:03.410045+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.5	56223	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T06:40:05.318442+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.5004.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "mobbipenju.store", "licendfilteo.site", "clearancek.site", "bathdoomgaz.store", "studennotediw.store", "eaglepawnoy.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: mobbipenju.store	Virustotal: Detection: 21%	Perma Link
Source: spirittunek.store	Virustotal: Detection: 21%	Perma Link
Source: bathdoomgaz.store	Virustotal: Detection: 21%	Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A150FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_009DD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_009DD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00A163B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00A199D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00A1695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_009DFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A16094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00A0F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_009D1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_009E6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00A14040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_009FD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_009E42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_009F2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_009F2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_009DA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00A164B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_009EB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_009FE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_009ED457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00A11440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_009FC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_009D8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00A17520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_009F9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_009E6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00A0B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_009FE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_009FD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00A167EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A15700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00A17710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_009F28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_009D49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00A13920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_009ED961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_009E1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_009E1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_009D5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00A14A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00A00B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_009E1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_009E3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00A19B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_009EDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_009EDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_009FAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_009FAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A19CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00A19CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_009FCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_009FCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_009FCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00A0FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_009F7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_009FEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A18D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_009FFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_009FDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_009E1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_009E6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_009DBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_009D6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_009E0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_009E4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_009FAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_009F5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_009F7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_009E6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_009EFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_009D8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00A17FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A17FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A15FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A0FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_009F9F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:57791 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:54291 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:56223 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:60389 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:60623 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:49662 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:55248 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:49539 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: spirittunek.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.2076794906.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=4310b6566086a755f4eb0aca; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25258Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 20 Oct 2024 04:40:05 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.c
Source: file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2074451497.0000000001680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/:
Source: file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/p
Source: file.exe, 00000000.00000003.2074451497.0000000001680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.0000000001680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.000000000168F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.000000000168F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2074619887.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074619887.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2074619887.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e7
Source: file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E0228	0_2_009E0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A0D0	0_2_00A1A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D1000	0_2_009D1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2030	0_2_009E2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14040	0_2_00A14040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE	0_2_00BA01BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DE1A0	0_2_009DE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D71F0	0_2_009D71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D5160	0_2_009D5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D12F7	0_2_009D12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A082D0	0_2_00A082D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A012D0	0_2_00A012D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DB3A0	0_2_009DB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D13A3	0_2_009D13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A023E0	0_2_00A023E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA4320	0_2_00BA4320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DA300	0_2_009DA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B90306	0_2_00B90306
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E049B	0_2_009E049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E4487	0_2_009E4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A064F0	0_2_00A064F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA9459	0_2_00BA9459
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FC470	0_2_009FC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8590	0_2_009D8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D35B0	0_2_009D35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EC5F0	0_2_009EC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B95564	0_2_00B95564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A186F0	0_2_00A186F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0F620	0_2_00A0F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9A674	0_2_00B9A674
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D164F	0_2_009D164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18652	0_2_00A18652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0E8A0	0_2_00A0E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B098E8	0_2_00B098E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0B8C0	0_2_00A0B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B938D8	0_2_00B938D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A01860	0_2_00A01860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DA850	0_2_009DA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA285A	0_2_00BA285A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A189A0	0_2_00A189A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B989B3	0_2_00B989B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA79B4	0_2_00BA79B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F098B	0_2_009F098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A17AB0	0_2_00A17AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18A80	0_2_00A18A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA1A9C	0_2_00BA1A9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14A40	0_2_00A14A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D7BF0	0_2_009D7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EDB6F	0_2_009EDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A16CBF	0_2_00A16CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9CED	0_2_00AB9CED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FCCD0	0_2_009FCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C21C98	0_2_00C21C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18C02	0_2_00A18C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8CC05	0_2_00B8CC05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA5DE4	0_2_00BA5DE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FFD10	0_2_009FFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FDD29	0_2_009FDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F8D62	0_2_009F8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E6EBF	0_2_009E6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DBEB0	0_2_009DBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E4E2A	0_2_009E4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FAE57	0_2_009FAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18E70	0_2_00A18E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B96E6A	0_2_00B96E6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8FD0	0_2_009D8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A17FC0	0_2_00A17FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DAF10	0_2_009DAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009ED300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009DCAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995616749174917

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A08220 CoCreateInstance,

0_2_00A08220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: wRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeWT_

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2965504 > 1048576

Source: file.exe

Static PE information: Raw size of dhicoklt is bigger than: 0x100000 < 0x2aaa00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.9d0000.0.unpack :EW;.rsrc :W;.idata :W;dhicoklt:EW;egpwolix:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;dhicoklt:EW;egpwolix:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2e2b7f should be: 0x2d886d

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: dhicoklt
Source: file.exe	Static PE information: section name: egpwolix
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C300D1 push 55E47C74h; mov dword ptr [esp], edi	0_2_00C30124
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE09D push ebx; mov dword ptr [esp], ecx	0_2_00BAE101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5A0B2 push 4ADF6727h; mov dword ptr [esp], ecx	0_2_00C5A0CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD00C6 push edx; mov dword ptr [esp], eax	0_2_00BD015B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB04C push 7738BB56h; mov dword ptr [esp], edx	0_2_00CDB091
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB04C push edx; mov dword ptr [esp], edi	0_2_00CDB15A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E06C push 29B76646h; mov dword ptr [esp], edi	0_2_00B0E115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C88038 push 7FB713FBh; mov dword ptr [esp], ecx	0_2_00C88100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push esi; mov dword ptr [esp], eax	0_2_00BA02D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push ebx; mov dword ptr [esp], ebp	0_2_00BA0342
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push 1B3EA403h; mov dword ptr [esp], edi	0_2_00BA034A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push esi; mov dword ptr [esp], ecx	0_2_00BA034E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push ecx; mov dword ptr [esp], ebp	0_2_00BA039F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push 5D8EBFDCh; mov dword ptr [esp], edx	0_2_00BA03BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push esi; mov dword ptr [esp], ebx	0_2_00BA03C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push 01B9785Bh; mov dword ptr [esp], edi	0_2_00BA03E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push edi; mov dword ptr [esp], ebp	0_2_00BA03E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push 0227F360h; mov dword ptr [esp], edi	0_2_00BA03F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push ebp; mov dword ptr [esp], 3D728B00h	0_2_00BA03F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push edx; mov dword ptr [esp], esi	0_2_00BA042D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push esi; mov dword ptr [esp], eax	0_2_00BA04B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push edi; mov dword ptr [esp], edx	0_2_00BA04BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push 07DD9358h; mov dword ptr [esp], esi	0_2_00BA05A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push edx; mov dword ptr [esp], edi	0_2_00BA05D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push 29B0A1C4h; mov dword ptr [esp], ebx	0_2_00BA0643
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA01BE push ebx; mov dword ptr [esp], 36FDF9E6h	0_2_00BA0647
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C341A6 push esi; mov dword ptr [esp], eax	0_2_00C34244
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB1BC push ebx; mov dword ptr [esp], 3E8A8C7Ah	0_2_00CDB1BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB1BC push ecx; mov dword ptr [esp], ebx	0_2_00CDB1F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB1BC push esi; mov dword ptr [esp], edx	0_2_00CDB1FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB1BC push ebp; mov dword ptr [esp], edx	0_2_00CDB29D

Source: file.exe

Static PE information: section name: entropy: 7.979961074706521

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD75F second address: BAD763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD763 second address: BAD78E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jg 00007FD6B10B63F7h 0x00000012 jg 00007FD6B10B63E6h 0x00000018 jmp 00007FD6B10B63EBh 0x0000001d push eax 0x0000001e push edx 0x0000001f ja 00007FD6B10B63E6h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD78E second address: BAD79C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD79C second address: BAD7A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD7A2 second address: BAD7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD909 second address: BAD937 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD6B10B63E6h 0x00000008 jng 00007FD6B10B63E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FD6B10B63F0h 0x00000015 jnl 00007FD6B10B63E8h 0x0000001b popad 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD937 second address: BAD946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB0173 second address: BB0178 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB0178 second address: BB01A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FD6B0E698C4h 0x0000000f jl 00007FD6B0E698B6h 0x00000015 popad 0x00000016 jbe 00007FD6B0E698BCh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB01A5 second address: BB01B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jo 00007FD6B10B6402h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB01B8 second address: BB01D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB01D7 second address: BB01F5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD6B10B63EDh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB0301 second address: BB0307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB0307 second address: BB030C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB030C second address: BB0311 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB03EE second address: BB04C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD6B10B63F3h 0x0000000e popad 0x0000000f nop 0x00000010 xor dword ptr [ebp+122D357Eh], eax 0x00000016 push 00000000h 0x00000018 push 25B90A1Bh 0x0000001d jmp 00007FD6B10B63F5h 0x00000022 xor dword ptr [esp], 25B90A9Bh 0x00000029 mov esi, dword ptr [ebp+122D3A04h] 0x0000002f push 00000003h 0x00000031 or edx, 72FEA5A6h 0x00000037 push 00000000h 0x00000039 mov dword ptr [ebp+122D358Ch], esi 0x0000003f call 00007FD6B10B63EFh 0x00000044 sub edi, dword ptr [ebp+122D3940h] 0x0000004a pop ecx 0x0000004b push 00000003h 0x0000004d jne 00007FD6B10B63EBh 0x00000053 push EB04CD20h 0x00000058 push edi 0x00000059 jmp 00007FD6B10B63EEh 0x0000005e pop edi 0x0000005f xor dword ptr [esp], 2B04CD20h 0x00000066 jmp 00007FD6B10B63F9h 0x0000006b lea ebx, dword ptr [ebp+1245007Ch] 0x00000071 mov edx, esi 0x00000073 xchg eax, ebx 0x00000074 pushad 0x00000075 push eax 0x00000076 push edx 0x00000077 push edx 0x00000078 pop edx 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB04C4 second address: BB04E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB04E0 second address: BB04F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007FD6B10B63E8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB04F1 second address: BB04F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB058B second address: BB0593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB0593 second address: BB05DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 xor dword ptr [esp], 6C39242Fh 0x0000000d push esi 0x0000000e mov dword ptr [ebp+122D2F8Fh], edi 0x00000014 pop esi 0x00000015 push 00000003h 0x00000017 push 00000000h 0x00000019 mov dx, 4177h 0x0000001d push 00000003h 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007FD6B0E698B8h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000017h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 push E19425EDh 0x0000003e je 00007FD6B0E698BEh 0x00000044 push ecx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB05DF second address: BB0618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 xor dword ptr [esp], 219425EDh 0x0000000c jmp 00007FD6B10B63EAh 0x00000011 lea ebx, dword ptr [ebp+12450087h] 0x00000017 jmp 00007FD6B10B63F2h 0x0000001c push eax 0x0000001d jc 00007FD6B10B63F8h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB0618 second address: BB061C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB061C second address: BB0620 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF11D second address: BCF121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF121 second address: BCF15D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD6B10B63E6h 0x00000008 jmp 00007FD6B10B63ECh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FD6B10B63F4h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FD6B10B63EDh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF2E0 second address: BCF307 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FD6B0E698BEh 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD6B0E698BAh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF307 second address: BCF30E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF446 second address: BCF44E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF44E second address: BCF454 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF454 second address: BCF45D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF5E3 second address: BCF5FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD6B10B63ECh 0x0000000e jc 00007FD6B10B63E6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF5FF second address: BCF604 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCFB78 second address: BCFB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCFB7C second address: BCFB86 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD6B0E698B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCFE62 second address: BCFE84 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD6B10B63F8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0020 second address: BD0024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0024 second address: BD002A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD02EC second address: BD0301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD6B0E698C0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94E44 second address: B94E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94E48 second address: B94E4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8742 second address: BD875B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007FD6B10B63EDh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8B06 second address: BD8B17 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8B17 second address: BD8B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8B1B second address: BD8B2D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007FD6B0E698BCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8D4A second address: BD8D4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8D4E second address: BD8D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD6B0E698C9h 0x0000000e pop edx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push edi 0x00000015 push edx 0x00000016 pop edx 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8D7E second address: BD8DAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FD6B10B63F0h 0x00000014 jmp 00007FD6B10B63EAh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8DAE second address: BD8DB8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD6B0E698BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8F09 second address: BD8F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD584 second address: BDD58E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD58E second address: BDD5A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD5A3 second address: BDD5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B998 second address: B9B9BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F0h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007FD6B10B63ECh 0x00000011 jg 00007FD6B10B63E6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B9BA second address: B9B9C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B9C2 second address: B9B9DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD6B10B63ECh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCA3F second address: BDCA60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD6B0E698C1h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCA60 second address: BDCA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCA68 second address: BDCA6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCCE8 second address: BDCCEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCCEE second address: BDCD01 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B0E698B6h 0x00000008 jng 00007FD6B0E698B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD01 second address: BDCD19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD6B10B63E6h 0x0000000a jmp 00007FD6B10B63ECh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD19 second address: BDCD1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD1E second address: BDCD31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EDh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD31 second address: BDCD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCE96 second address: BDCE9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD13E second address: BDD15F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push esi 0x00000008 jmp 00007FD6B0E698C5h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD15F second address: BDD169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD6B10B63E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD2E1 second address: BDD2EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD6B0E698B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0B25 second address: BE0B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FD6B10B63F5h 0x0000000d jmp 00007FD6B10B63F0h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 js 00007FD6B10B63F6h 0x0000001b jmp 00007FD6B10B63F0h 0x00000020 mov eax, dword ptr [esp+04h] 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0B74 second address: BE0B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0B78 second address: BE0BF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD6B10B63F1h 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 pushad 0x00000012 jmp 00007FD6B10B63EEh 0x00000017 jg 00007FD6B10B63F8h 0x0000001d popad 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 pushad 0x00000023 pushad 0x00000024 push edi 0x00000025 pop edi 0x00000026 jmp 00007FD6B10B63F9h 0x0000002b popad 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0BF3 second address: BE0C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C5h 0x00000009 popad 0x0000000a popad 0x0000000b pop eax 0x0000000c call 00007FD6B0E698C1h 0x00000011 jmp 00007FD6B0E698C4h 0x00000016 pop esi 0x00000017 call 00007FD6B0E698B9h 0x0000001c jl 00007FD6B0E698BEh 0x00000022 push ebx 0x00000023 jnl 00007FD6B0E698B6h 0x00000029 pop ebx 0x0000002a push eax 0x0000002b jmp 00007FD6B0E698C6h 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 pushad 0x00000035 je 00007FD6B0E698BCh 0x0000003b jns 00007FD6B0E698B6h 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0C78 second address: BE0CAC instructions: 0x00000000 rdtsc 0x00000002 je 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d ja 00007FD6B10B63FDh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0FD5 second address: BE0FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push ebx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE183A second address: BE184F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B10B63F0h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE19D7 second address: BE19DD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1B86 second address: BE1B8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1C5D second address: BE1C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1D24 second address: BE1D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1D2A second address: BE1D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1D2F second address: BE1D4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD6B10B63F9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1EC0 second address: BE1EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1EC4 second address: BE1ECE instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1ECE second address: BE1ED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1ED3 second address: BE1EE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jno 00007FD6B10B63E8h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE24B7 second address: BE24C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FD6B0E698B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DD0 second address: BE2DD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DD6 second address: BE2DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DDA second address: BE2DDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DDE second address: BE2E39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FD6B0E698B8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 jc 00007FD6B0E698B9h 0x0000002b mov di, si 0x0000002e mov edi, 7008025Ah 0x00000033 push 00000000h 0x00000035 sub si, 0602h 0x0000003a push 00000000h 0x0000003c push eax 0x0000003d pushad 0x0000003e pushad 0x0000003f jmp 00007FD6B0E698BDh 0x00000044 pushad 0x00000045 popad 0x00000046 popad 0x00000047 pushad 0x00000048 push eax 0x00000049 pop eax 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4008 second address: BE4019 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4019 second address: BE404C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FD6B0E698CAh 0x00000012 jmp 00007FD6B0E698C4h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE49CD second address: BE4A46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD6B10B63F9h 0x00000008 jmp 00007FD6B10B63EAh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov esi, dword ptr [ebp+122D3824h] 0x00000017 push 00000000h 0x00000019 adc edi, 0207F064h 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FD6B10B63E8h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 0000001Ch 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b call 00007FD6B10B63F3h 0x00000040 mov esi, eax 0x00000042 pop edi 0x00000043 push eax 0x00000044 push ecx 0x00000045 push ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5370 second address: BE5374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5374 second address: BE5391 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5F0B second address: BE5F42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD6B0E698BDh 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jne 00007FD6B0E698B6h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5F42 second address: BE5F47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE69EA second address: BE69F9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE69F9 second address: BE6A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6A04 second address: BE6A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 nop 0x00000009 cmc 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FD6B0E698B8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push ecx 0x0000002b call 00007FD6B0E698B8h 0x00000030 pop ecx 0x00000031 mov dword ptr [esp+04h], ecx 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc ecx 0x0000003e push ecx 0x0000003f ret 0x00000040 pop ecx 0x00000041 ret 0x00000042 mov di, 29FDh 0x00000046 xchg eax, ebx 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b pop eax 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6A5B second address: BE6A64 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA548 second address: BEA54C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA54C second address: BEA550 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA550 second address: BEA556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA556 second address: BEA5F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FD6B10B63ECh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FD6B10B63E8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov ebx, 573F07D1h 0x0000002d push 00000000h 0x0000002f jmp 00007FD6B10B63F9h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FD6B10B63E8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 0000001Bh 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 jo 00007FD6B10B63ECh 0x00000056 mov edi, dword ptr [ebp+122D37CFh] 0x0000005c xchg eax, esi 0x0000005d push eax 0x0000005e jns 00007FD6B10B63E8h 0x00000064 pop eax 0x00000065 push eax 0x00000066 push ebx 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007FD6B10B63F2h 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA5F9 second address: BEA5FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB658 second address: BEB675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD6B10B63F9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB675 second address: BEB6A8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FD6B0E698C7h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD6B0E698BCh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE729A second address: BE72A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8F63 second address: BA8F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8F69 second address: BA8F89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD6B10B63F0h 0x0000000f je 00007FD6B10B63E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8F89 second address: BA8F9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD6B0E698BAh 0x0000000e push edi 0x0000000f pop edi 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEEE0B second address: BEEE15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD6B10B63E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEEE15 second address: BEEE90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b jc 00007FD6B0E698B6h 0x00000011 pop edx 0x00000012 jmp 00007FD6B0E698C9h 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007FD6B0E698B8h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 push 00000000h 0x00000035 cmc 0x00000036 call 00007FD6B0E698C4h 0x0000003b sbb bx, E5D4h 0x00000040 pop ebx 0x00000041 push 00000000h 0x00000043 mov ebx, dword ptr [ebp+122D3838h] 0x00000049 xchg eax, esi 0x0000004a pushad 0x0000004b push ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA773 second address: BEA777 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB99A second address: BEB99E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB99E second address: BEB9A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF21FE second address: BF2202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2202 second address: BF222B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FD6B10B63E6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FD6B10B63F2h 0x00000015 jp 00007FD6B10B63E6h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEF023 second address: BEF02D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF00F9 second address: BF010F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007FD6B10B63E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEF0B8 second address: BEF0BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF54D6 second address: BF54E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FD6B10B63E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF010F second address: BF0115 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEF0BC second address: BEF0C6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF54E5 second address: BF54E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF0115 second address: BF011B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF011B second address: BF01DE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B0E698B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D2F96h], ebx 0x00000013 call 00007FD6B0E698BEh 0x00000018 call 00007FD6B0E698C2h 0x0000001d pushad 0x0000001e popad 0x0000001f pop edi 0x00000020 pop edi 0x00000021 push dword ptr fs:[00000000h] 0x00000028 jmp 00007FD6B0E698BEh 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FD6B0E698B8h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Ch 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e mov eax, dword ptr [ebp+122D08E1h] 0x00000054 push 00000000h 0x00000056 push edx 0x00000057 call 00007FD6B0E698B8h 0x0000005c pop edx 0x0000005d mov dword ptr [esp+04h], edx 0x00000061 add dword ptr [esp+04h], 00000014h 0x00000069 inc edx 0x0000006a push edx 0x0000006b ret 0x0000006c pop edx 0x0000006d ret 0x0000006e mov dword ptr [ebp+122D2085h], ebx 0x00000074 push FFFFFFFFh 0x00000076 mov edi, dword ptr [ebp+122D3BA4h] 0x0000007c xor ebx, 3877AA16h 0x00000082 nop 0x00000083 push eax 0x00000084 push edx 0x00000085 jmp 00007FD6B0E698C3h 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF01DE second address: BF01F5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B10B63E8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 js 00007FD6B10B63E6h 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF01F5 second address: BF01FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF01FB second address: BF01FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2460 second address: BF2464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2464 second address: BF2468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA52F second address: BFA533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA533 second address: BFA539 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA539 second address: BFA55F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD6B0E698BEh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jnp 00007FD6B0E698C4h 0x00000014 pushad 0x00000015 ja 00007FD6B0E698B6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8FE91 second address: B8FEC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FD6B10B63E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD6B10B63F5h 0x00000014 jmp 00007FD6B10B63F4h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8FEC9 second address: B8FECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6717 second address: BF671B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFDB19 second address: BFDB27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF671B second address: BF6738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF7862 second address: BF787A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFDB27 second address: BFDB2C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6738 second address: BF673C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF4688 second address: BF46A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFDB2C second address: BFDB32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE13D second address: BFE1B0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D1FA5h], eax 0x00000012 mov di, 9229h 0x00000016 push 00000000h 0x00000018 cmc 0x00000019 sub dword ptr [ebp+1245D4B0h], ebx 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push edi 0x00000024 call 00007FD6B10B63E8h 0x00000029 pop edi 0x0000002a mov dword ptr [esp+04h], edi 0x0000002e add dword ptr [esp+04h], 00000016h 0x00000036 inc edi 0x00000037 push edi 0x00000038 ret 0x00000039 pop edi 0x0000003a ret 0x0000003b mov ebx, dword ptr [ebp+122D3A64h] 0x00000041 jng 00007FD6B10B63ECh 0x00000047 mov dword ptr [ebp+122D300Dh], ebx 0x0000004d stc 0x0000004e xchg eax, esi 0x0000004f jnp 00007FD6B10B63F0h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 jmp 00007FD6B10B63EBh 0x0000005e pop eax 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C041A6 second address: C041F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FD6B0E698C2h 0x0000000c pushad 0x0000000d push eax 0x0000000e jp 00007FD6B0E698B6h 0x00000014 pop eax 0x00000015 jmp 00007FD6B0E698C6h 0x0000001a jmp 00007FD6B0E698C1h 0x0000001f push eax 0x00000020 push edx 0x00000021 ja 00007FD6B0E698B6h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07167 second address: C07176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD6B10B63EBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07176 second address: C07187 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FD6B0E698B6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CF37 second address: C0CF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B984C1 second address: B984D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BCh 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C87D second address: C0C881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C881 second address: C0C8BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD6B0E698BEh 0x0000000b push ecx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ecx 0x00000011 jmp 00007FD6B0E698C5h 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b jns 00007FD6B0E698B6h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C8BD second address: C0C8D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD6B10B63EDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CA7C second address: C0CA97 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD6B0E698C5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10C82 second address: C10C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10C91 second address: C10C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10C95 second address: C10C9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10C9B second address: C10CA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10CA1 second address: C10CA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10CA5 second address: C10D09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push edx 0x00000010 push eax 0x00000011 jmp 00007FD6B0E698C7h 0x00000016 pop eax 0x00000017 pop edx 0x00000018 mov eax, dword ptr [eax] 0x0000001a jmp 00007FD6B0E698BFh 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FD6B0E698C3h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10D09 second address: C10D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10DDE second address: C10DE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10DE4 second address: C10DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10DE8 second address: C10E1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD6B0E698BCh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jns 00007FD6B0E698BAh 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c jg 00007FD6B0E698BCh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15B94 second address: C15B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15B9A second address: C15BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15BA2 second address: C15BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B10B63F5h 0x00000009 pop edi 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jg 00007FD6B10B63E6h 0x00000014 push edi 0x00000015 pop edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15BC9 second address: C15BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16197 second address: C1619D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1619D second address: C161A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C169F3 second address: C16A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007FD6B10B63F1h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD6B10B63F5h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C03F second address: C1C043 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C448 second address: C1C44C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C5AF second address: C1C5C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push edx 0x0000000c je 00007FD6B0E698B6h 0x00000012 je 00007FD6B0E698B6h 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C9BA second address: C1C9C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C9C0 second address: C1C9C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C9C4 second address: C1C9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C9CA second address: C1C9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CCD6 second address: C1CCDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CCDA second address: C1CCE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC52E8 second address: BC5303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD6B10B63F2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5303 second address: BC5307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5307 second address: BC5319 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FD6B10B63ECh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D151 second address: C1D155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22BE5 second address: C22BF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007FD6B10B63E6h 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22BF6 second address: C22BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21AC2 second address: C21AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnl 00007FD6B10B63ECh 0x0000000b popad 0x0000000c pushad 0x0000000d jng 00007FD6B10B63F2h 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21C53 second address: C21C59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C216AD second address: C216B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C216B3 second address: C216E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jmp 00007FD6B0E698BAh 0x00000012 ja 00007FD6B0E698B6h 0x00000018 pop eax 0x00000019 jmp 00007FD6B0E698C8h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22635 second address: C2267A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EBh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FD6B10B63F4h 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD6B10B63EBh 0x00000018 jng 00007FD6B10B63F2h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22921 second address: C22927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22927 second address: C22975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FD6B10B63FFh 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FD6B10B63F7h 0x00000015 pushad 0x00000016 jmp 00007FD6B10B63F8h 0x0000001b jmp 00007FD6B10B63EBh 0x00000020 push eax 0x00000021 pop eax 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDF413 second address: BDF424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FD6B0E698B8h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDF499 second address: BDF49F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDF49F second address: BDF52A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jne 00007FD6B0E698BEh 0x00000011 xchg eax, ebx 0x00000012 mov dl, 4Dh 0x00000014 push dword ptr fs:[00000000h] 0x0000001b sub edx, dword ptr [ebp+122D3ABCh] 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 cmc 0x00000029 mov dword ptr [ebp+1247F240h], esp 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007FD6B0E698B8h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 00000017h 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 movzx ecx, cx 0x0000004c jnp 00007FD6B0E698BCh 0x00000052 cmp dword ptr [ebp+122D3940h], 00000000h 0x00000059 jne 00007FD6B0E69983h 0x0000005f mov byte ptr [ebp+122D3206h], 00000047h 0x00000066 mov edi, 575EB42Fh 0x0000006b mov eax, D49AA7D2h 0x00000070 push eax 0x00000071 push eax 0x00000072 push edx 0x00000073 pushad 0x00000074 pushad 0x00000075 popad 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDF52A second address: BDF52F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDF52F second address: BDF534 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDF9FA second address: BDFA54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FD6B10B63EAh 0x0000001a popad 0x0000001b popad 0x0000001c pop eax 0x0000001d movzx edi, cx 0x00000020 sub dx, 7ED7h 0x00000025 push C016C1CBh 0x0000002a push eax 0x0000002b push edx 0x0000002c jc 00007FD6B10B63FDh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDFD1D second address: BDFD22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDFD22 second address: BDFD49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jnp 00007FD6B10B63ECh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDFD49 second address: BDFD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDFFC4 second address: BDFFC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDFFC8 second address: BE0007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FD6B0E698B8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov ch, C5h 0x00000026 push 00000004h 0x00000028 adc dx, A9D4h 0x0000002d nop 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push eax 0x00000032 pop eax 0x00000033 pop eax 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0007 second address: BE002B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD6B10B63F7h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop ecx 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0791 second address: BE0797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0797 second address: BE0844 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jne 00007FD6B10B63F8h 0x00000013 nop 0x00000014 mov edx, dword ptr [ebp+122D383Ch] 0x0000001a lea eax, dword ptr [ebp+1247F22Ch] 0x00000020 movzx edx, dx 0x00000023 nop 0x00000024 je 00007FD6B10B63EEh 0x0000002a jns 00007FD6B10B63E8h 0x00000030 push eax 0x00000031 pushad 0x00000032 pushad 0x00000033 jmp 00007FD6B10B63ECh 0x00000038 jmp 00007FD6B10B63EEh 0x0000003d popad 0x0000003e jnc 00007FD6B10B63E8h 0x00000044 popad 0x00000045 nop 0x00000046 pushad 0x00000047 mov bx, 00E8h 0x0000004b push ebx 0x0000004c jnp 00007FD6B10B63E6h 0x00000052 pop eax 0x00000053 popad 0x00000054 lea eax, dword ptr [ebp+1247F1E8h] 0x0000005a mov dword ptr [ebp+1244F1A6h], ebx 0x00000060 nop 0x00000061 push esi 0x00000062 js 00007FD6B10B63FFh 0x00000068 jmp 00007FD6B10B63F9h 0x0000006d pop esi 0x0000006e push eax 0x0000006f pushad 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0844 second address: BE085A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BDh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE085A second address: BE085E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE085E second address: BC52E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FD6B0E698B8h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov ecx, eax 0x00000024 call dword ptr [ebp+122D2FCEh] 0x0000002a jmp 00007FD6B0E698C8h 0x0000002f pushad 0x00000030 push ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C262FD second address: C26321 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B10B63E8h 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007FD6B10B63F2h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26321 second address: C26345 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C4h 0x00000007 jmp 00007FD6B0E698BCh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26345 second address: C2635A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jp 00007FD6B10B63E6h 0x0000000b popad 0x0000000c push edi 0x0000000d jc 00007FD6B10B63E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C268D7 second address: C268ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C268ED second address: C26906 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29C8D second address: C29CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jc 00007FD6B0E698B6h 0x0000000c pushad 0x0000000d popad 0x0000000e ja 00007FD6B0E698B6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D02D second address: C2D033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D033 second address: C2D03C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D03C second address: C2D063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 js 00007FD6B10B63FCh 0x0000000d jmp 00007FD6B10B63F4h 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D063 second address: C2D067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C316A2 second address: C316A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C311FE second address: C31202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C31202 second address: C31208 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C31208 second address: C3122A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jno 00007FD6B0E698E9h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD6B0E698C1h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3122A second address: C3122E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3122E second address: C31234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C31234 second address: C31242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD6B10B63EEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C31371 second address: C313BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C9h 0x00000009 jmp 00007FD6B0E698C4h 0x0000000e popad 0x0000000f js 00007FD6B0E698C8h 0x00000015 jmp 00007FD6B0E698C2h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9D474 second address: B9D493 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD6B10B63F3h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9D493 second address: B9D49D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B0E698B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9D49D second address: B9D4A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9D4A3 second address: B9D4B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD6B0E698C0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33FFE second address: C3400D instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD6B10B63EAh 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38E73 second address: C38E8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jng 00007FD6B0E698B6h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38E8F second address: C38EC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD6B10B63F5h 0x00000008 jnl 00007FD6B10B63E6h 0x0000000e jmp 00007FD6B10B63F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38EC5 second address: C38EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD6B0E698C9h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38EEB second address: C38EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38371 second address: C38375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38375 second address: C38385 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jc 00007FD6B10B6412h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38385 second address: C383A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C0h 0x00000009 jnc 00007FD6B0E698B6h 0x0000000f jbe 00007FD6B0E698B6h 0x00000015 popad 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C384DD second address: C384E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C384E3 second address: C38502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C4h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38502 second address: C3851B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B10B63F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3851B second address: C3851F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38645 second address: C38654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FD6B10B63E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C387A6 second address: C387B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38902 second address: C3890E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD6B10B63ECh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3CC64 second address: C3CC6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3CC6A second address: C3CC6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3CC6E second address: C3CC7A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD6B0E698B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3CC7A second address: C3CC84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FD6B10B63E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C55A second address: C3C5AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BAh 0x00000009 jmp 00007FD6B0E698BDh 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FD6B0E698BEh 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 jns 00007FD6B0E698B6h 0x0000001e jmp 00007FD6B0E698C6h 0x00000023 push edx 0x00000024 pop edx 0x00000025 popad 0x00000026 jp 00007FD6B0E698BEh 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C9A1 second address: C3C9BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007FD6B10B63F5h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42569 second address: C4256F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4256F second address: C4257E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4257E second address: C42584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41206 second address: C41232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F6h 0x00000007 pushad 0x00000008 js 00007FD6B10B63E6h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pushad 0x00000017 popad 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41380 second address: C41386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C41386 second address: C41392 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD6B10B63E6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0174 second address: BE0178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0178 second address: BE0194 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4167D second address: C41688 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4182A second address: C41830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42290 second address: C4229F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 jg 00007FD6B0E698C2h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47BF1 second address: C47BFB instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD6B10B63E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47BFB second address: C47C27 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD6B0E698CEh 0x00000008 jmp 00007FD6B0E698C8h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD6B0E698BAh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C484F1 second address: C484F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C48A96 second address: C48AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD6B0E698B6h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C48DC5 second address: C48DE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FD6B10B63FAh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C48DE1 second address: C48DE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C49076 second address: C4908B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD6B10B63F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C495C6 second address: C495CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C495CA second address: C495D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D495 second address: C4D4AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D4AE second address: C4D4D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F3h 0x00000007 jo 00007FD6B10B63E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007FD6B10B63EEh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D774 second address: C4D778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D778 second address: C4D77C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DDEF second address: C4DDF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DDF3 second address: C4DDF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DDF8 second address: C4DE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD6B0E698C2h 0x0000000b popad 0x0000000c pushad 0x0000000d ja 00007FD6B0E698B6h 0x00000013 jg 00007FD6B0E698B6h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DE26 second address: C4DE2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DE2A second address: C4DE36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A0ED second address: C5A0F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A0F1 second address: C5A120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FD6B0E698C5h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A120 second address: C5A129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A129 second address: C5A12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A12F second address: C5A133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A133 second address: C5A137 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5852F second address: C58533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58533 second address: C5853D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5853D second address: C5854E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007FD6B10B63E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5854E second address: C5857F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push esi 0x00000007 jmp 00007FD6B0E698C1h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD6B0E698C1h 0x00000013 jnp 00007FD6B0E698B6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5881A second address: C58845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD6B10B63F4h 0x0000000b popad 0x0000000c jmp 00007FD6B10B63F0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58845 second address: C5884C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589C2 second address: C589C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589C8 second address: C589CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C589CC second address: C589D2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59102 second address: C5910A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5910A second address: C59120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD6B10B63E6h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FD6B10B63E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59120 second address: C59148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD6B0E698C9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C57F90 second address: C57F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C57F96 second address: C57F9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E232 second address: C5E245 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6314C second address: C63150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63150 second address: C63159 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63159 second address: C63181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698C3h 0x00000009 jl 00007FD6B0E698B6h 0x0000000f jns 00007FD6B0E698B6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62CEA second address: C62CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62CF0 second address: C62CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62CF6 second address: C62CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70FAC second address: C70FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FD6B0E698BBh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FD6B0E698B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70FC3 second address: C70FCD instructions: 0x00000000 rdtsc 0x00000002 je 00007FD6B10B63E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C728A2 second address: C728A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75EB5 second address: C75EB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75EB9 second address: C75EC9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnp 00007FD6B0E698B6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A6F5 second address: C7A6F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A6F9 second address: C7A705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A705 second address: C7A70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83611 second address: C8362E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007FD6B0E698B6h 0x0000000c jnc 00007FD6B0E698B6h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 ja 00007FD6B0E698B6h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B686 second address: C8B68B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BA93 second address: C8BA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BA99 second address: C8BAB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push ecx 0x00000007 pushad 0x00000008 jng 00007FD6B10B63E6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BAB1 second address: C8BAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BC31 second address: C8BC35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BC35 second address: C8BC3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BC3B second address: C8BC45 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD6B10B63F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BC45 second address: C8BC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BAh 0x00000009 jne 00007FD6B0E698C2h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8BC5B second address: C8BC61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C01A second address: C8C021 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C903CF second address: C903FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FD6B10B63F3h 0x0000000b jl 00007FD6B10B63E6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD6B10B63EBh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEC3 second address: C9FEDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD6B0E698B6h 0x0000000a popad 0x0000000b pushad 0x0000000c js 00007FD6B0E698B6h 0x00000012 jp 00007FD6B0E698B6h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEDF second address: C9FEE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA182B second address: CA182F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA182F second address: CA183A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE6B6 second address: CAE6E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C7h 0x00000007 jmp 00007FD6B0E698C1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB145F second address: CB1465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0FB1 second address: CB0FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0FB9 second address: CB0FDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007FD6B10B63E6h 0x0000000c popad 0x0000000d jns 00007FD6B10B63F5h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0FDE second address: CB1023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD6B0E698BCh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push ecx 0x0000000d jmp 00007FD6B0E698C9h 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD6B0E698C3h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1023 second address: CB102C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA03E second address: CCA043 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8F0B second address: CC8F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD6B10B63E6h 0x0000000a jng 00007FD6B10B63E6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8F1C second address: CC8F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD6B0E698BFh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jne 00007FD6B0E698B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC91EA second address: CC9202 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F3h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9379 second address: CC9394 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD6B0E698BAh 0x00000008 jnc 00007FD6B0E698B8h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC94F7 second address: CC94FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC94FB second address: CC951C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FD6B0E698C7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC951C second address: CC9520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC996C second address: CC9971 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9BE3 second address: CC9BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FD6B10B63EBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9BF4 second address: CC9BFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCCD second address: CCCCDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FD6B10B63ECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCDB second address: CCCCF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD6B0E698C1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCF6 second address: CCCCFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCFC second address: CCCD01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCD01 second address: CCCD07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE1D3 second address: CCE1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE1D9 second address: CCE1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE1E2 second address: CCE1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF8FA second address: CCF8FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF8FE second address: CCF902 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF902 second address: CCF91C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD6B10B63E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007FD6B10B63EEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460B3F second address: 5460BB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007FD6B0E698C2h 0x0000000e pop ebx 0x0000000f popad 0x00000010 mov ecx, dword ptr [eax+00000FDCh] 0x00000016 jmp 00007FD6B0E698BCh 0x0000001b test ecx, ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FD6B0E698BDh 0x00000026 sub si, E896h 0x0000002b jmp 00007FD6B0E698C1h 0x00000030 popfd 0x00000031 mov ecx, 79BC0907h 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460BB1 second address: 5460BCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007FD6B10B6445h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460BCE second address: 5460BE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460BE1 second address: 5460C06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B10B63F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460C06 second address: 5460C19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD6B0E698BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460C19 second address: 5460C1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460C1F second address: 5460C32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460C32 second address: 5460CB7 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FD6B10B63F9h 0x00000008 adc al, FFFFFFC6h 0x0000000b jmp 00007FD6B10B63F1h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 movzx ecx, bx 0x00000016 popad 0x00000017 test eax, eax 0x00000019 jmp 00007FD6B10B63F3h 0x0000001e je 00007FD7216CC4C7h 0x00000024 jmp 00007FD6B10B63F6h 0x00000029 test byte ptr [eax+04h], 00000005h 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FD6B10B63F7h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460CB7 second address: 5460CBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A33BF7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A33BFD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BDF4D6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C68DD9 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 5968

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2076533613.000000000162E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: file.exe, 00000000.00000003.2074619887.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe	Binary or memory string: \\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A15BB0 LdrInitializeThunk,

0_2_00A15BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: xProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
mobbipenju.store	22%	Virustotal	Browse
spirittunek.store	22%	Virustotal	Browse
bathdoomgaz.store	22%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	104.102.49.254	true	true	0%, Virustotal, Browse	unknown
eaglepawnoy.store	unknown	unknown	true		unknown
bathdoomgaz.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
spirittunek.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
licendfilteo.site	unknown	unknown	true		unknown
studennotediw.store	unknown	unknown	true		unknown
mobbipenju.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
clearancek.site	unknown	unknown	true		unknown
dissapoiznw.store	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e7	file.exe, 00000000.00000003.2074619887.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/:	file.exe, 00000000.00000003.2074451497.0000000001680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.0000000001680000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/p	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.c	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074451497.0000000001668000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000002.2076533613.0000000001664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074394493.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2074619887.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074619887.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076794906.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2076722088.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000002.2076794906.00000000016EB000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538055
Start date and time:	2024-10-20 06:39:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:40:01	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	cH4EGgNUR7.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	6FecO9d3l9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	2WWOAq4c3b.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	EY2raBetTi.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	S3AYU5t2JP.exe	Get hash	malicious	LummaC, Amadey, Stealc	Browse	104.102.49.254
	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	cH4EGgNUR7.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	6FecO9d3l9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	2WWOAq4c3b.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	EY2raBetTi.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	S3AYU5t2JP.exe	Get hash	malicious	LummaC, Amadey, Stealc	Browse	104.102.49.254
	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	cH4EGgNUR7.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	6FecO9d3l9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	2WWOAq4c3b.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	EY2raBetTi.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	S3AYU5t2JP.exe	Get hash	malicious	LummaC, Amadey, Stealc	Browse	104.102.49.254
	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.534176503206865
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'965'504 bytes
MD5:	4a1a4df1c161219662bd9bcbe281e2f6
SHA1:	78c70f5fd15a84369836b2128a5835f8aa366598
SHA256:	f203b5df54658f1c7e1d3510451e8e4c19bbee0b175f53ca4eb3f0405024cad2
SHA512:	a6a00e397a7de87c110e5fb1051382e6281c29ba6c1c0585e86202bb4f55ac4b283516681d53cfdc555245a551ce85dd6ecb04a3ccc80a3df18905dbc43ec26e
SSDEEP:	49152:fqUIv4jXwaDZwBRcviwQ+ETCVPPc3eF3T/j5j1JVdVRYS8ZDAWehx:jdjXwaDZiRcviwQPTEsOVdVRYLkW6
TLSH:	F9D53A62B90572CFE48E177889A7CDD2A9AD42BD07100DC3AC6868F9BDB3CC515F6D24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0......+....@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x70c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD6B07E16CAh
hint_nop dword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
inc dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov ch, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	7f02bc971298c35612a9f731c54d73cd	False	0.9995616749174917	data	7.979961074706521	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dhicoklt	0x60000	0x2ab000	0x2aaa00	8590bd9f202fa95fe766840f168aa049	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
egpwolix	0x30b000	0x1000	0x400	0aa33065e9c93ade7f60c408d7c4a293	False	0.7421875	data	5.95048818716859	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x30c000	0x3000	0x2200	447edbeef4b4e417808bed85307a76e4	False	0.06433823529411764	DOS executable (COM)	0.7165489913514391	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-20T06:40:03.352772+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.5	60623	1.1.1.1	53	UDP
2024-10-20T06:40:03.365155+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.5	55248	1.1.1.1	53	UDP
2024-10-20T06:40:03.386629+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.5	49539	1.1.1.1	53	UDP
2024-10-20T06:40:03.398893+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.5	54291	1.1.1.1	53	UDP
2024-10-20T06:40:03.410045+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.5	56223	1.1.1.1	53	UDP
2024-10-20T06:40:03.420827+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.5	57791	1.1.1.1	53	UDP
2024-10-20T06:40:03.431067+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.5	60389	1.1.1.1	53	UDP
2024-10-20T06:40:03.450475+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.5	49662	1.1.1.1	53	UDP
2024-10-20T06:40:05.318442+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49704	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 06:40:03.476093054 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:03.476123095 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:03.476191998 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:03.477596045 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:03.477602005 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:04.558132887 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:04.558192015 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:04.562060118 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:04.562071085 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:04.562338114 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:04.608094931 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:04.655401945 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318481922 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318511009 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318532944 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318540096 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318553925 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318564892 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:05.318579912 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.318613052 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:05.318643093 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:05.319195032 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.319251060 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 20, 2024 06:40:05.319292068 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:05.320501089 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 20, 2024 06:40:05.320518970 CEST	443	49704	104.102.49.254	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 06:40:03.352771997 CEST	60623	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.361829042 CEST	53	60623	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.365154982 CEST	55248	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.374270916 CEST	53	55248	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.386629105 CEST	49539	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.395450115 CEST	53	49539	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.398893118 CEST	54291	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.407701969 CEST	53	54291	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.410044909 CEST	56223	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.418554068 CEST	53	56223	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.420826912 CEST	57791	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.429872990 CEST	53	57791	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.431066990 CEST	60389	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.449059963 CEST	53	60389	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.450474977 CEST	49662	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.460561991 CEST	53	49662	1.1.1.1	192.168.2.5
Oct 20, 2024 06:40:03.462559938 CEST	54479	53	192.168.2.5	1.1.1.1
Oct 20, 2024 06:40:03.469826937 CEST	53	54479	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 20, 2024 06:40:03.352771997 CEST	192.168.2.5	1.1.1.1	0xa7b9	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.365154982 CEST	192.168.2.5	1.1.1.1	0x8741	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.386629105 CEST	192.168.2.5	1.1.1.1	0x35f3	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.398893118 CEST	192.168.2.5	1.1.1.1	0x1046	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.410044909 CEST	192.168.2.5	1.1.1.1	0x9b6	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.420826912 CEST	192.168.2.5	1.1.1.1	0xb505	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.431066990 CEST	192.168.2.5	1.1.1.1	0x666e	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.450474977 CEST	192.168.2.5	1.1.1.1	0xbb16	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.462559938 CEST	192.168.2.5	1.1.1.1	0x1ac0	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 20, 2024 06:40:03.361829042 CEST	1.1.1.1	192.168.2.5	0xa7b9	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.374270916 CEST	1.1.1.1	192.168.2.5	0x8741	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.395450115 CEST	1.1.1.1	192.168.2.5	0x35f3	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.407701969 CEST	1.1.1.1	192.168.2.5	0x1046	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.418554068 CEST	1.1.1.1	192.168.2.5	0x9b6	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.429872990 CEST	1.1.1.1	192.168.2.5	0xb505	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.449059963 CEST	1.1.1.1	192.168.2.5	0x666e	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.460561991 CEST	1.1.1.1	192.168.2.5	0xbb16	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 06:40:03.469826937 CEST	1.1.1.1	192.168.2.5	0x1ac0	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.102.49.254	443	5004	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 04:40:04 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-20 04:40:05 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sun, 20 Oct 2024 04:40:05 GMT Content-Length: 25258 Connection: close Set-Cookie: sessionid=4310b6566086a755f4eb0aca; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=None
2024-10-20 04:40:05 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><

Target ID:	0
Start time:	00:39:59
Start date:	20/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x9d0000
File size:	2'965'504 bytes
MD5 hash:	4A1A4DF1C161219662BD9BCBE281E2F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	56.2%
Total number of Nodes:	48
Total number of Limit Nodes:	6

Executed Functions

Function 00A150FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00A15182

Strings

@^, xrefs: 00A15120
<I$), xrefs: 00A152E3
<I$), xrefs: 00A15198

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: d80a64af891c3a053eb32ce9c75858206aaf6b3f656727c95e24295578fcde47
Instruction ID: 7b4bbf9c40e478cc31d26d0de48574d3f1833b563068b400553b3f18b3652978
Opcode Fuzzy Hash: d80a64af891c3a053eb32ce9c75858206aaf6b3f656727c95e24295578fcde47
Instruction Fuzzy Hash: 2521A135508384CFC710DFA8D88076AB7E4AB9A300F69482CE1C5D7351D775DA56CF56

Function 009DFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VY^_, xrefs: 009DFDFF
J|BJ, xrefs: 009E000D
t, xrefs: 009DFCBE
V, xrefs: 009DFEDC

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 071c71b9e17c9674204d0856250203d1663bd90a674bb443a329cec1c65280b4
Instruction ID: 930b75027d719960af69b49ab9dfcdd9003cc8cccfc24160056a81998a381d4d
Opcode Fuzzy Hash: 071c71b9e17c9674204d0856250203d1663bd90a674bb443a329cec1c65280b4
Instruction Fuzzy Hash: B1D1767450C3809BD312DF19949062FBBE6ABD6B44F18882DF4C98B352C376CD49DB92

Function 009DD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 009DD2F1

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 1ed0735fcb3097e5dd8a1b63b234db42622d53c7e7918f2ff74c2145eeae1a60
Instruction ID: 558be9550265e26dc7f8823d9de8bdf3708da739e715010822dc82b8fdcf1b84
Opcode Fuzzy Hash: 1ed0735fcb3097e5dd8a1b63b234db42622d53c7e7918f2ff74c2145eeae1a60
Instruction Fuzzy Hash: CF41237458E380ABC701AB68D684A2EFBE5AF92744F14CC0DE5D497352C336D8149B67

Function 00A15BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00A1973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00A15BDE

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00A1695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00A169C5

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 59841026d13afdfb57aa75f77f67ec42adbb4e8ad23105f0253ce6c9f31e0a5e
Instruction ID: 1eb08b08ce0a8f4dfcf4c2b11a6e422cc3f24fb79edd567753b691d293919aff
Opcode Fuzzy Hash: 59841026d13afdfb57aa75f77f67ec42adbb4e8ad23105f0253ce6c9f31e0a5e
Instruction Fuzzy Hash: E23187B19083018FD718DF28C8A067AB7F5FF85384F48982CE5C6D7261E3389985CB56

Function 009E049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0b9e980db658c0addebd501a3961ecf6ba03a4776d394a8ef081b493e9f86c
Instruction ID: 3f94d2bcacf0cd4d2aa20941bd3bfd2f4dfee557bcca0b6f21f8f8b6d9565f0e
Opcode Fuzzy Hash: 6d0b9e980db658c0addebd501a3961ecf6ba03a4776d394a8ef081b493e9f86c
Instruction Fuzzy Hash: 3291AC75200B40CFD325CF65E890A27B7F6FF89310B158A6DE8968BAA1D770F816CB50

Function 009E0228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c90028ea0dcc827690612dc56ad062fa606b5d8037863a8d19c41e72b89c5f77
Instruction ID: 06a1cfc929a760487b300a9975f4714580d18556bd0c19cc46cd95578e48e406
Opcode Fuzzy Hash: c90028ea0dcc827690612dc56ad062fa606b5d8037863a8d19c41e72b89c5f77
Instruction Fuzzy Hash: 07718934200B40CFD725CFA5E894B26B7F6FF89310F15C96CE8968BA62D771A816CB50

Function 00A199D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a6a745de9fd166b05a4aa01858cea3d039280f8d1db7e07433b210b5682b994
Instruction ID: 2298ad3392503fdd05678d7ecb4b92517682f07d88c545f8a4ed940eb3dbf324
Opcode Fuzzy Hash: 5a6a745de9fd166b05a4aa01858cea3d039280f8d1db7e07433b210b5682b994
Instruction Fuzzy Hash: 1941AF3464C300ABD724DB29D9A0B6BB7B9EF85750F14882CE58A97251D331E886CB62

Function 00A163B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 68cff799684ee4328175c2d15476d828773ce40e6a2043a0d42422e947dbdf08
Instruction ID: 811c5ddb46f7d3f4d8a5fc724eb47c2ecf3915f5a106dbff498a46ec0bac14df
Opcode Fuzzy Hash: 68cff799684ee4328175c2d15476d828773ce40e6a2043a0d42422e947dbdf08
Instruction Fuzzy Hash: 9E31E670649301BBDA24DB18CE81F7AB7A5FB85B51F64891CF1C19B2D1D370A892CB52

Function 00A13220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00A132A6

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6cb689ac34c46b1d25f31b2c76e2f4c428b8fbb48790107d9b14ffd7bba37dec
Instruction ID: 8dee2254c082661afa000f08a84869bb54e2133bbddb2c108a3174800c7e1171
Opcode Fuzzy Hash: 6cb689ac34c46b1d25f31b2c76e2f4c428b8fbb48790107d9b14ffd7bba37dec
Instruction Fuzzy Hash: 94014B3550D2409BC711EF58E849A6ABBF8EF5A710F05482CE5C58B361D239DD61CB92

Function 00A13202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00A13208

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6faf6c730e111d7bf8189f7bf2042ade6142ee0f2448ba43a67f78ae879248f3
Instruction ID: 4bb1e6311b32a7e736115197b6a2476c95185155f4f2a6b68d2a0ad6cb8d5eb7
Opcode Fuzzy Hash: 6faf6c730e111d7bf8189f7bf2042ade6142ee0f2448ba43a67f78ae879248f3
Instruction Fuzzy Hash: 2FB012300400005FDA141B04EC0AF103510EB00605F800060A100140B2D1655866C554

Non-executed Functions

Function 009EDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

89&', xrefs: 009EE93B
tuJK, xrefs: 009EE967
AR, xrefs: 009EDD10
xgfe, xrefs: 009EE71D
QNOL, xrefs: 009EE775
dcba, xrefs: 009EE728
%*+(, xrefs: 009EDE37, 009EDE46
lkji, xrefs: 009EE73E
`Y^_, xrefs: 009EE99E
WP, xrefs: 009EDCEF
tsrq, xrefs: 009EE6FC
()./, xrefs: 009EE9CA
D, xrefs: 009EE846
:WUE, xrefs: 009EF6B7, 009EF6C6
@ONM, xrefs: 009EE6DB
LKJI, xrefs: 009EE6E6
|, xrefs: 009EECB1
<=2, xrefs: 009EEA01
mjkh, xrefs: 009EE7D8
T, xrefs: 009EF157
`onm, xrefs: 009EE733
DCBA, xrefs: 009EE887, 009EE896
89>?, xrefs: 009EE9F6
<=:;, xrefs: 009EE930

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: bccaa97622b58f6ac2a4411ff975818e45af6b36ff328a7c1db6f57a939ed244
Instruction ID: 5e4c2e30a62a78c39e8bb65ed561bf100a980f6989c3b7a23c08648cc5da8195
Opcode Fuzzy Hash: bccaa97622b58f6ac2a4411ff975818e45af6b36ff328a7c1db6f57a939ed244
Instruction Fuzzy Hash: EFF285B15093C19BD771CF15C894BABBBE6BBD5300F144C2DE4C98B292EB359885CB92

Function 00A023E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A040EF
|}&C, xrefs: 00A02F21
:, xrefs: 00A032DD
{l`~, xrefs: 00A0268C
`tii, xrefs: 00A02693
mlc@, xrefs: 00A0275C
f@~!, xrefs: 00A025FF
fedc, xrefs: 00A02782
aenQ, xrefs: 00A0276A
ggxz, xrefs: 00A02685
Cx, xrefs: 00A0453D
3<, xrefs: 00A032D6

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: 6214edc7571ae27a6729011a1cdf6286bead640b82ccf2e547be971e7091ae58
Instruction ID: 102608e9f163bc0fd98c00a14c47d6848b9afc581f33050efaa02e9ccaa94438
Opcode Fuzzy Hash: 6214edc7571ae27a6729011a1cdf6286bead640b82ccf2e547be971e7091ae58
Instruction Fuzzy Hash: B933BD70504B818FD7258F39D590B62BBF1BF16304F58899DD4DA8BB92C736E806CBA1

Function 009F9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

_Y, xrefs: 009FA641
kW, xrefs: 009FA380
(a*c, xrefs: 009FA147
WQ, xrefs: 009FA62B
N[, xrefs: 009FA375
hi, xrefs: 009FAB9D
?m,o, xrefs: 009FA13C
S], xrefs: 009FA636
Gt, xrefs: 009F9FF8
CG, xrefs: 009FAA32
sm, xrefs: 009FA830
]{, xrefs: 009FA1E7, 009FA1F3
JG, xrefs: 009FAA27
%e6g, xrefs: 009FA152
=], xrefs: 009FA36A
/), xrefs: 009FA66D
WH, xrefs: 009FAA1C

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 548be9be2229b7a773111bd5b56f824c6fde1fe096bf85865d283d733396aa66
Instruction ID: 1f17f1eb32e026ac15c84185a38e4da446adfb733518407dc8144f7ee9927193
Opcode Fuzzy Hash: 548be9be2229b7a773111bd5b56f824c6fde1fe096bf85865d283d733396aa66
Instruction Fuzzy Hash: 9352C7B404D385CAE270CF25D681B9EBAF1BB92740F608A1DE2ED9B255DB708045CF93

Function 009F9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

;IJK, xrefs: 009F983E
?M0K, xrefs: 009F9968
B7U1, xrefs: 009F9AFB
,A&C, xrefs: 009F982E
pq, xrefs: 009F99E0
T#a-, xrefs: 009F9AE3
X/R), xrefs: 009F9AEB
2A"_, xrefs: 009F9980
G+X5, xrefs: 009F9AF3
G'M!, xrefs: 009F9ADB
z=Q?, xrefs: 009F9826
L3Y=, xrefs: 009F9B03
O+f), xrefs: 009F9634, 009F963D
8;, xrefs: 009F9B13
!E4G, xrefs: 009F9836
B?Q9, xrefs: 009F9B0B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: c35fcc1aad05fefc5c217f7909e95ada6d0278c24cee385fef98b3799b536740
Instruction ID: b62339605489520d30277ece3750c451bb82c8637dce295f74db29cbcb1454db
Opcode Fuzzy Hash: c35fcc1aad05fefc5c217f7909e95ada6d0278c24cee385fef98b3799b536740
Instruction Fuzzy Hash: 3BF150B0408389ABD310DF19D980A2BBBF4FB8AB48F144D1CF6D59B252D334D909CB96

Function 00BA285A Relevance: 16.6, Strings: 12, Instructions: 1585COMMON

Download Yara Rule

Strings

{u7, xrefs: 00BA2DF4
Jj)@, xrefs: 00BA3724
?$U, xrefs: 00BA2C80
gwK?, xrefs: 00BA3381
a5N, xrefs: 00BA2D17
">J2, xrefs: 00BA3730
O ./, xrefs: 00BA389A
P_v, xrefs: 00BA3229
8MLs, xrefs: 00BA2EA1
}nv_, xrefs: 00BA35C1
vFyk, xrefs: 00BA3944
[lW^, xrefs: 00BA30D6

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: ">J2$8MLs$?$U$Jj)@$O ./$P_v$[lW^$a5N$gwK?$vFyk${u7$}nv_
API String ID: 0-3205330175
Opcode ID: 0e171618230634766bd58974cbe7fad646ac861efb54dce576753e998551e491
Instruction ID: f6d8956a3f9bb364d3821af674dfff4f7fecaa47b233804bfe3cc0bf96c705b0
Opcode Fuzzy Hash: 0e171618230634766bd58974cbe7fad646ac861efb54dce576753e998551e491
Instruction Fuzzy Hash: F3B226F360C2049FE304AE2DEC8567AFBE9EF94720F1A453DEAC487744EA7558018696

Function 009FDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

upH}, xrefs: 009FDE8A, 009FE798, 009FDF4A
<Y.[, xrefs: 009FE27D
n\+H, xrefs: 009FDDC0
)IgK, xrefs: 009FE261
%*+(, xrefs: 009FE143
Y9N;, xrefs: 009FE245
{E, xrefs: 009FE323
-M2O, xrefs: 009FE25A
=]+_, xrefs: 009FE276
hX]N, xrefs: 009FDDC7
,Q?S, xrefs: 009FE26F

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 3df6175570e8e06d3942ee121a982617802a2dddacfda2f51b4590fd302e0bf6
Instruction ID: da3a39168e9ebb80c6ec23a087ab0690ce8b64930c3ff9ab044c4f74a1aa8a56
Opcode Fuzzy Hash: 3df6175570e8e06d3942ee121a982617802a2dddacfda2f51b4590fd302e0bf6
Instruction Fuzzy Hash: 5692E471E00219CFDB14CFA8D8916BEBBB2FF59310F298169E515AB3A1D7359D02CB90

Function 00B938D8 Relevance: 12.8, Strings: 9, Instructions: 1551COMMON

Download Yara Rule

Strings

{kw, xrefs: 00B93F0B
QLf_, xrefs: 00B944B6
a3n, xrefs: 00B942FD
"MCB, xrefs: 00B93E14
O!z?, xrefs: 00B9481F
rf_y, xrefs: 00B93D3B
-k9, xrefs: 00B93C3E
:M?}, xrefs: 00B93E45
1k9, xrefs: 00B93C49

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: "MCB$-k9$1k9$:M?}$O!z?$QLf_$a3n$rf_y${kw
API String ID: 0-2721321165
Opcode ID: 4bf7f798737db2b7313dd5daf631b3a222479f6b544b2b74c0dfeffe30310a0b
Instruction ID: 44a481be82821a51b94d8967ea22f412918c5e0506280db3065fd788753ce2af
Opcode Fuzzy Hash: 4bf7f798737db2b7313dd5daf631b3a222479f6b544b2b74c0dfeffe30310a0b
Instruction Fuzzy Hash: B0B2C4F360C2049FE304AF29EC8567ABBE9EF94720F16893DE6C4C7344E63598458697

Function 00B989B3 Relevance: 11.7, Strings: 8, Instructions: 1660COMMON

Download Yara Rule

Strings

|(%A, xrefs: 00B99D5C
*9;, xrefs: 00B9908E
/}, xrefs: 00B99979
?dD, xrefs: 00B99CAD
W@{_, xrefs: 00B9905E
QlW, xrefs: 00B991FC
06>, xrefs: 00B997C1
_, xrefs: 00B99A55

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: *9;$06>$?dD$QlW$W@{_$|(%A$/}$_
API String ID: 0-2837065829
Opcode ID: cbffdb0b4a3fe4694d7511ce10f012f5314e1487fb7cd04c438278854839f8bf
Instruction ID: 16048f7f451836f4f503e50995e24fbf70ce10ae1e4555f48c58bbaa524193a0
Opcode Fuzzy Hash: cbffdb0b4a3fe4694d7511ce10f012f5314e1487fb7cd04c438278854839f8bf
Instruction Fuzzy Hash: 33B23AF3A0C204AFE3046E2DEC8577ABBE9EF94720F1A453DEAC4C7744E53598058696

Function 00B9A674 Relevance: 11.4, Strings: 8, Instructions: 1402COMMON

Download Yara Rule

Strings

9[OB, xrefs: 00B9AD7F
FOzz, xrefs: 00B9A8EF
jXO, xrefs: 00B9AF88
{G[, xrefs: 00B9A8B6
%O, xrefs: 00B9B2D0
:~, xrefs: 00B9B5B9
.N, xrefs: 00B9B192
J[m, xrefs: 00B9B28B

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %O$.N$9[OB$FOzz$J[m$jXO${G[$:~
API String ID: 0-926153205
Opcode ID: cb39f29efff98ff1fe382dd61a45ba260e9fa64ea98fbdeb4d6c8b48e81f6f35
Instruction ID: fc10337db2668f2cd389ab0501eeb6ccb8a1edd335084d25575627884f53a8c1
Opcode Fuzzy Hash: cb39f29efff98ff1fe382dd61a45ba260e9fa64ea98fbdeb4d6c8b48e81f6f35
Instruction Fuzzy Hash: E8921AF360C204AFE7046E2DEC8577ABBE9EF94720F16493DEAC4C3744E63558118696

Function 009F098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

qrqp, xrefs: 009F1089
%*+(, xrefs: 009F0A77, 009F0A86
{, xrefs: 009F1502
cah`, xrefs: 009F107E
,#15, xrefs: 009F0F94
&> &, xrefs: 009F0F89
9.5^, xrefs: 009F0F9F
gce/, xrefs: 009F1073

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 53d916a1431c509a0be9e68a2916d734cf48da1540a85bc2e47027884ac72c7c
Instruction ID: f952e3164c8ac5ad0c16d0a7e2aa2400e7f8a2c3292fc71401d643c3fea10dcd
Opcode Fuzzy Hash: 53d916a1431c509a0be9e68a2916d734cf48da1540a85bc2e47027884ac72c7c
Instruction Fuzzy Hash: 3462A9B16083858BD730CF14D891BABBBE5FFD6314F04892DE59A8B642E3758941CB93

Function 009D1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

-, xrefs: 009D21ED
gfff, xrefs: 009D2226
gfff, xrefs: 009D22E1
gfff, xrefs: 009D2297
0123456789abcdefxp, xrefs: 009D1587, 009D15F8
0123456789ABCDEFXP, xrefs: 009D157D, 009D15EB
@, xrefs: 009D2C40

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 78a7e22cda12cb676863bae17460c293c6d6b63b3f57493178d2b6e96686a6a0
Instruction ID: 347975ddb999203e8f07937d7e013eae18e7bc4a0a6f94e5a181abb4d59eccbd
Opcode Fuzzy Hash: 78a7e22cda12cb676863bae17460c293c6d6b63b3f57493178d2b6e96686a6a0
Instruction Fuzzy Hash: 02D204726483419FC718CF28C49436ABBE2AFD9314F18CA2EE59987391D778DD45CB82

Function 00BA4320 Relevance: 10.4, Strings: 7, Instructions: 1614COMMON

Download Yara Rule

Strings

FDX, xrefs: 00BA46AF
qlkK, xrefs: 00BA5433
_-Z}, xrefs: 00BA4FD1
FDX, xrefs: 00BA46D2
VO, xrefs: 00BA4936
v_o, xrefs: 00BA4955
q-{k, xrefs: 00BA5288

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: FDX$FDX$VO$_-Z}$q-{k$qlkK$v_o
API String ID: 0-2465557768
Opcode ID: 3417f55d70a5f84aa3d36df4a9fb8b388e743aece29e7eb4361395a84fd6d2e3
Instruction ID: 9d024729e2d4a931909c8d34e75aa4e6214dd4f1ae1616fb2d44b35099980ff9
Opcode Fuzzy Hash: 3417f55d70a5f84aa3d36df4a9fb8b388e743aece29e7eb4361395a84fd6d2e3
Instruction Fuzzy Hash: E5B217F390C2049FE304AE29DC4567AFBE9EF94720F1A893DEAC583744EA3558058797

Function 00B90306 Relevance: 10.4, Strings: 7, Instructions: 1610COMMON

Download Yara Rule

Strings

;sr, xrefs: 00B915EA
<5~, xrefs: 00B90C57
J2, xrefs: 00B90E43
kee, xrefs: 00B90C01
!M5j, xrefs: 00B90F3B
AHi, xrefs: 00B90C16
Y.W, xrefs: 00B90AFA

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: !M5j$AHi$J2$Y.W$kee$;sr$<5~
API String ID: 0-3437482753
Opcode ID: 4ab21790f3b25765e39a1c8c34dad35d651ef0c7aa30af4dd6c83dd21144c5d2
Instruction ID: 28e85035063455ddfc43549d4510db2524af348e213a8110501bba05c8d8b95a
Opcode Fuzzy Hash: 4ab21790f3b25765e39a1c8c34dad35d651ef0c7aa30af4dd6c83dd21144c5d2
Instruction Fuzzy Hash: 63B2D6F390C2049FE3046E29EC8567AB7E9EB94320F16893DEAC5C7744EA3598058797

Function 00BA79B4 Relevance: 7.9, Strings: 5, Instructions: 1617COMMON

Download Yara Rule

Strings

0jw, xrefs: 00BA79D5
+O3, xrefs: 00BA7E75
&0E~, xrefs: 00BA7FC0
q9P, xrefs: 00BA7D95
-%{, xrefs: 00BA8B9F

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: &0E~$+O3$-%{$0jw$q9P
API String ID: 0-1128511612
Opcode ID: a1c1e4a2e2f466959d2899cedc1794ccebe5188a7bcb764da680a428e22b11a2
Instruction ID: 44528d4e1ab471d460f7d19e6e1e04bc4ab6bc671de981fce287e43292a36d78
Opcode Fuzzy Hash: a1c1e4a2e2f466959d2899cedc1794ccebe5188a7bcb764da680a428e22b11a2
Instruction Fuzzy Hash: 56B208F360C204AFE304AE29EC4577ABBE5EF94720F1A4A3DE6C5C3744E63598058697

Function 00B95564 Relevance: 7.7, Strings: 5, Instructions: 1458COMMON

Download Yara Rule

Strings

}By?, xrefs: 00B95777
5?^, xrefs: 00B95B02
wLO, xrefs: 00B9664D
-?, xrefs: 00B96456
:o/}, xrefs: 00B966D6

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: -?$5?^$:o/}$wLO$}By?
API String ID: 0-33439806
Opcode ID: 31923e198a94e5f7bc93a0f45407de518ce72ea167d67e34c7744d7cd442037b
Instruction ID: 33775d8cb5cd653cc1e225e56daadcc0f7b9d04ce038912cb6f516898e5eb2cf
Opcode Fuzzy Hash: 31923e198a94e5f7bc93a0f45407de518ce72ea167d67e34c7744d7cd442037b
Instruction Fuzzy Hash: C4A215F360C2049FE3046E2DEC8567ABBE9EF94320F1A493DE6C4C7744EA3598458697

Function 009D12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 009D28EA
0, xrefs: 009D1E88
@, xrefs: 009D3531
0, xrefs: 009D1DC1
0, xrefs: 009D243E

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 1ca42f20cac7d118d9e0f4b74a67465da4d556411d6b7bb503e4132120a788b4
Instruction ID: 132dd3fb40918dce46621c6377f6f37a04882e841cfdad9703ebcf71ed499c9b
Opcode Fuzzy Hash: 1ca42f20cac7d118d9e0f4b74a67465da4d556411d6b7bb503e4132120a788b4
Instruction Fuzzy Hash: 8062C07164C3819BC319CF28C59076ABBE5ABE5304F18CE6EE8D987391D378D945CB82

Function 009D164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

+, xrefs: 009D1573
gfff, xrefs: 009D1F57
0123456789abcdefxp, xrefs: 009D1659
0123456789ABCDEFXP, xrefs: 009D164F
gfff, xrefs: 009D1F3C

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: ea8ce49f756fdfb73bf9df3cb80a6eb096bcd6cc12d2d72fee9acf1b3effa854
Instruction ID: a67768536da37ac13a91eb11d2389cd46d5d17fefaff9fcd77bacbc7fe77dca9
Opcode Fuzzy Hash: ea8ce49f756fdfb73bf9df3cb80a6eb096bcd6cc12d2d72fee9acf1b3effa854
Instruction Fuzzy Hash: C0F1803164C3818FC715CF28C48426AFBE2ABE9304F18CA6EE4D987356D778D945CB92

Function 00BA9459 Relevance: 6.7, Strings: 4, Instructions: 1657COMMON

Download Yara Rule

Strings

Q}q=, xrefs: 00BA957C
x|, xrefs: 00BA9A46
a|m, xrefs: 00BAA6F7
e7B, xrefs: 00BAA55F

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: e7B$Q}q=$a|m$x|
API String ID: 0-77398344
Opcode ID: 19fca314a9389d3ce75ae6fe0c6910dab7612f1bbf3a77bc455e5bae1db53527
Instruction ID: 87c4197d9b831d157d7a28f36407701c16657b40d181e6b2da165b5953a4b9de
Opcode Fuzzy Hash: 19fca314a9389d3ce75ae6fe0c6910dab7612f1bbf3a77bc455e5bae1db53527
Instruction Fuzzy Hash: 48B2F6F360C204AFE304AE2DDC8567AB7E9EFD4720F1A893DE6C5C3744EA3558058696

Function 009D13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

gfff, xrefs: 009D1F57
0123456789abcdefxp, xrefs: 009D13AD
0123456789ABCDEFXP, xrefs: 009D13A3
-, xrefs: 009D1F23
gfff, xrefs: 009D1F3C

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: ac437651edbce3ba0f925400ed4aa5a31f1863d572a5b5a5ff028a44337bfdc1
Instruction ID: 880b7e566daebbb13f0d02af862234973d98998db0f53815c27286474f0b8d6b
Opcode Fuzzy Hash: ac437651edbce3ba0f925400ed4aa5a31f1863d572a5b5a5ff028a44337bfdc1
Instruction Fuzzy Hash: 08D18F3560C7828FC715CF29C48426AFBE2AFD9304F08CA6EE4D987356D678D949CB52

Function 00BA5DE4 Relevance: 6.6, Strings: 4, Instructions: 1616COMMON

Download Yara Rule

Strings

TIx, xrefs: 00BA64E8
ty<, xrefs: 00BA6DF6
bwu, xrefs: 00BA6ED3
g@k, xrefs: 00BA64F7

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: TIx$bwu$g@k$ty<
API String ID: 0-3473376531
Opcode ID: a3d60c86a542a62fd39c1f41f561e10aff7f8c0895b0c7a5ffceb83a240fe3b7
Instruction ID: d27c79b48207647f89196c218241c339aaf94e663828c29516d10696a2087842
Opcode Fuzzy Hash: a3d60c86a542a62fd39c1f41f561e10aff7f8c0895b0c7a5ffceb83a240fe3b7
Instruction Fuzzy Hash: C2B208F3A0C2009FE7046E2DEC8567ABBE5EF94720F1A453DEAC5C7740EA3598058697

Function 009FFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 009FFEC3, 009FFECB
uvw, xrefs: 009FFE95
:, xrefs: 00A00087
NA_I, xrefs: 00A0036D

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: a4e68c826354d8cacbff018802b10f5d585f6f5f87be0f4d0fa15e2cf154ebdb
Instruction ID: 7fcce35cbf77b841d11606e80e43d84a57f8acbbd5a9bff864bd782b6224df20
Opcode Fuzzy Hash: a4e68c826354d8cacbff018802b10f5d585f6f5f87be0f4d0fa15e2cf154ebdb
Instruction Fuzzy Hash: 8332ABB0908385DFD311DF69E880B2ABBE5AB99340F148A2CF5D58B292D335D946CF52

Function 009E3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

ss, xrefs: 009E3C79
;z, xrefs: 009E3C87
%*+(, xrefs: 009E3EC4
p, xrefs: 009E3C80

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 611910fbc4516169df863a7f6f74288d34f63d41727b127de23d0db3887bb86b
Instruction ID: 54fd70e06ee80735d08586963abc60f2a1977f8207d848ef900406ab216c7521
Opcode Fuzzy Hash: 611910fbc4516169df863a7f6f74288d34f63d41727b127de23d0db3887bb86b
Instruction Fuzzy Hash: F9025BB4810B40DFD760DF29D986756BFF5FB01300F50895DE89A8B696E330A819CFA2

Function 009F2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 009F232F
lc, xrefs: 009F2507
sj, xrefs: 009F2327
a|, xrefs: 009F2317

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 0c8de8fc585125a13e7e7eeb10ea57b2739443b7868756238a14c9b6da625972
Instruction ID: ba1a4d3d89ff7c6b338cdb59efc3ed0ea28cc0d506b216fce06d2547a1599252
Opcode Fuzzy Hash: 0c8de8fc585125a13e7e7eeb10ea57b2739443b7868756238a14c9b6da625972
Instruction Fuzzy Hash: A8A1A8B04083458BC720DF18C891B2BB7F4FF95754F588A0CE9D99B2A1E379D941CB92

Function 009FD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 009FD98B
#', xrefs: 009FD9EA
KV, xrefs: 009FD97D
T>, xrefs: 009FD984

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 4750c9adcb12d638fc2dc3133a172aebdae02f5772fcda5cd1c22e451527cb7a
Instruction ID: 4e930f621de4f1cd0d8e4387338ec58fc976569ddc461ebd4f160bd01dea4e02
Opcode Fuzzy Hash: 4750c9adcb12d638fc2dc3133a172aebdae02f5772fcda5cd1c22e451527cb7a
Instruction Fuzzy Hash: 038157B480174A9BCB20DFA5D28556EBFB1FF12300F60460CE4867BA55C334AA55CFE2

Function 009FAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

,{*y, xrefs: 009FAD07, 009FAD13
4c2a, xrefs: 009FACA9
(g6e, xrefs: 009FACA1
lk, xrefs: 009FACBC

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: c927d1786d2ced3a96fab723ad3143a974a52171624810ada195daa000ce2b7b
Instruction ID: a9224750ee60a65c7c030b8ee15d053b5f6eee717b1b1f7271d6ea13fef5fb55
Opcode Fuzzy Hash: c927d1786d2ced3a96fab723ad3143a974a52171624810ada195daa000ce2b7b
Instruction Fuzzy Hash: BD4174B4408381CAD720DF24D900BABB7F4FF86305F54996DE6C897260DB31D946CB9A

Function 009FC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 009FC537
%*+(, xrefs: 009FC8C3, 009FC8CB
%*+(, xrefs: 009FC9E4, 009FC9ED

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 1d48b77d7e4b99f80e5d7816de1eb4c17eef68b735ecef8e5331fba00fc8ee87
Instruction ID: bf46ca61b33c1abe0c1c9d2b273f30c43a37a1c730592e02be4256433f0db175
Opcode Fuzzy Hash: 1d48b77d7e4b99f80e5d7816de1eb4c17eef68b735ecef8e5331fba00fc8ee87
Instruction Fuzzy Hash: 27E187B5508348DFE320DF68D981B6FBBE9FB95340F44882CE68987251E735D816CB92

Function 009D8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

IEND, xrefs: 009D89F0
), xrefs: 009D8616
), xrefs: 009D860C

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 2ae00ecc8d98bf2de8136103c26107a6e6ac6248707ba195190fae301db16c65
Instruction ID: 72ffe43f5b58acf54236b840b9fddbafeb0b8e08b65e1e26a01ea246ef0e80d4
Opcode Fuzzy Hash: 2ae00ecc8d98bf2de8136103c26107a6e6ac6248707ba195190fae301db16c65
Instruction Fuzzy Hash: 20E1C2B5A487029FE310CF28C84176BBBE4BB98314F14892EF59597382DB75E915CBC2

Function 00A14040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00A1420C
%*+(, xrefs: 00A140A4, 00A140AD

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 42d0eec2eda2750d91b6e8fef88dbe3507c5040765055e6b492d47e2a9184c22
Instruction ID: 71901c491783b7535e44a7fdb6efb96591cf22c594c586f2a95664a43c9dd6bf
Opcode Fuzzy Hash: 42d0eec2eda2750d91b6e8fef88dbe3507c5040765055e6b492d47e2a9184c22
Instruction Fuzzy Hash: C5129E716083419FC715CF28C880BAEBBE6FBC9314F588A2CF4959B291D735D985CB92

Function 00BA1A9C Relevance: 3.0, Strings: 2, Instructions: 513COMMON

Download Yara Rule

Strings

78\, xrefs: 00BA1B0D
dE>?, xrefs: 00BA1D56

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: 78\$dE>?
API String ID: 0-3232944537
Opcode ID: 96f16c6aebac45253c06fdbe45b8c883c942675a5ef2884718de6ea433519cec
Instruction ID: f6da0872eb8db42d000a3d6118858df7c200a4bc543d1922b97b4712fe586f0a
Opcode Fuzzy Hash: 96f16c6aebac45253c06fdbe45b8c883c942675a5ef2884718de6ea433519cec
Instruction Fuzzy Hash: 05F15CF3A087009FE304AE2DED8557AFBDAEFD4620F1A863EE5C5C3744E97458058692

Function 00A0F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 00A0F7F5
hi, xrefs: 00A0F6E6

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 5bd86eb04153f85655f8971dd36224dbfa407cb698f117fa5ad8d92ac31af36a
Instruction ID: 020c0eba3c73777223cc9e05c57e82eea85753b6b4f38ffae61b5f9c26d5f74c
Opcode Fuzzy Hash: 5bd86eb04153f85655f8971dd36224dbfa407cb698f117fa5ad8d92ac31af36a
Instruction Fuzzy Hash: 0BF1A471618341EFE324CF68D890B6ABBF6FB86344F14892CF0959B2A1C735D846CB52

Function 009D35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 009D360E
Inf, xrefs: 009D3607

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 360f9ec853146ce696137543a837e7a41234a39e513cc71a5b5bffe1be5be702
Instruction ID: 9730d23e4cc4cdf9fbfa62c2e19723e740c61bd902ca675dd3a3efd766daf59e
Opcode Fuzzy Hash: 360f9ec853146ce696137543a837e7a41234a39e513cc71a5b5bffe1be5be702
Instruction Fuzzy Hash: 80D1E6B1B583119BC704CF29C88061EBBE5EBC8750F15CA2EF999973A0E775DD058B82

Function 00B96E6A Relevance: 2.9, Strings: 1, Instructions: 1654COMMON

Download Yara Rule

Strings

k<;o, xrefs: 00B97E25

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: k<;o
API String ID: 0-28123163
Opcode ID: ca246583bc92c584185218c01cc185c8f3b61a986517e497fe47e777ae1b07b1
Instruction ID: c48f89c085ee0b662b8fc5bee5dceba48480ce79901ac60737cedf73cc4394be
Opcode Fuzzy Hash: ca246583bc92c584185218c01cc185c8f3b61a986517e497fe47e777ae1b07b1
Instruction Fuzzy Hash: C4B22AF360C204AFE3046E2DEC8567AB7E9EFD4720F1A893DE6C5C3744E93598058696

Function 009EFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 009F0197
Ye[g, xrefs: 009F00F6

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 6699275798c45f2f96cb667502d82c06f75a48c0a83d9f97b8911a18e43a21e7
Instruction ID: 43a2cb5f013656460af1e094d0865cb84798ad360e7d2637be70bd15004b0a10
Opcode Fuzzy Hash: 6699275798c45f2f96cb667502d82c06f75a48c0a83d9f97b8911a18e43a21e7
Instruction Fuzzy Hash: BE519BB160838A8AD731CF14C881BBBB7E8FFD6320F19491DE4998B652E7749940CB56

Function 009D5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 009D54C8

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 7d6b672978c12a85fd134f18268d3e572fa668405051d7369891056e92b9d899
Instruction ID: 409033a76ac2e65644a94c47b0189e6231ab5b305d5bf554c2bd017f323a0965
Opcode Fuzzy Hash: 7d6b672978c12a85fd134f18268d3e572fa668405051d7369891056e92b9d899
Instruction Fuzzy Hash: A322E3B6A48B42CBE7158E18D94032AFBA6AFE0304F2EC56FE8594B351E775DC05C742

Function 00A012D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00A015D1

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 5988dbe8edcd5cb43bb1d40edc1c6cc814721f43b7ab8b5a37e92969499b6c3d
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 0AF10471A083594BC724CF24D8906ABBBE6AFC5354F18C96DF89A8B3C2D634DD05C792

Function 009FAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009FB2D3, 009FB2DB

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5f70334d945a7bc12903aa0ac9efed4a2a808a9e49ac8fe17b082f44cd680769
Instruction ID: 68b3b7acf59480dcce580a3dd48d4c402f0c37be21c4956377c8dcb841e71585
Opcode Fuzzy Hash: 5f70334d945a7bc12903aa0ac9efed4a2a808a9e49ac8fe17b082f44cd680769
Instruction Fuzzy Hash: CAE1AB7150830ACBC724DF28C89057EB7E6FF98781F64892CE6C587224E735E956CB82

Function 009E6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009E6EF3

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 24897103cc8f5cb2ba32f00d81423b2b547273d3bad21e000bb0b2a5b72c76e9
Instruction ID: 8a2c6f0ea951c4e0e37b187094f7984c3f5a4643df4294c87f009d75505db032
Opcode Fuzzy Hash: 24897103cc8f5cb2ba32f00d81423b2b547273d3bad21e000bb0b2a5b72c76e9
Instruction Fuzzy Hash: CDF19DB5A00A42CFC725DF25D881A26B7F6FF98354B148A2DE497877A1EB30F815CB40

Function 009F7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009F8263, 009F826B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 98c692f3c766543bcc1027ccc034c4c67ad605d13f449164df9220da35ea6e1d
Instruction ID: d3caad94c5e0d44700d3b43fadd1bd87e55a45fd1a51516ee8b921d217f89740
Opcode Fuzzy Hash: 98c692f3c766543bcc1027ccc034c4c67ad605d13f449164df9220da35ea6e1d
Instruction Fuzzy Hash: C2C1D171A08204ABDB10EF14C882A3BB7F9EF95754F48891CF9C597251E734ED15CBA2

Function 009F8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009F9233, 009F923B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: af26bb4a2ac6529668f5ae2f77293ead254272f5b851127fb89742f1c88f8293
Instruction ID: d48793b2f18747e327fd3c1d358c3039160f7f48de459db0eba67b6e92d39337
Opcode Fuzzy Hash: af26bb4a2ac6529668f5ae2f77293ead254272f5b851127fb89742f1c88f8293
Instruction Fuzzy Hash: DBD1CB70619302DFD714DFA8D890A3AB7E5FF89304F49887CE986872A2D734E852CB51

Function 00A17FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00A18167

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: c1b3e48e7d7aa2f25a66ed509c79e6b256f1f02893ce0a85adc3766324a18a63
Instruction ID: f445143df615e8a8e25e2e103eb2420a417bd6439b130126e1383bc1b6090ddb
Opcode Fuzzy Hash: c1b3e48e7d7aa2f25a66ed509c79e6b256f1f02893ce0a85adc3766324a18a63
Instruction Fuzzy Hash: 4FD1E5729082654FC725CE18D4907AEB7E2EB85718F158A2CE8B5AB380DB75DC86C7C1

Function 009FCCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009FCDC3, 009FCDCB

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 9a9d3188f492d3de03926ec67e97c520dd53a5a7e078c9da57dfb812415d9c64
Instruction ID: 5b02d8ee1224c54033dbd196b0c005234bf24f9cd248f2773dd007b6aea1bd36
Opcode Fuzzy Hash: 9a9d3188f492d3de03926ec67e97c520dd53a5a7e078c9da57dfb812415d9c64
Instruction Fuzzy Hash: 60B1E1B090930A9BD714DF24D980B3BFBE6EF85340F18892CE6C59B291E735D855CB92

Function 009DA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 009DA9C3

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 1dfd0a56e8bff1623ecebb8fc96c33a56db03d33960fe994bfd355c8b7e1eeb3
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 79B128711083819FD324CF18C89061BBBE5AFA9704F448E2EF5D997342D675EA18CB57

Function 00A0FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A0FCA4, 00A0FCAD

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 00b0c310c88430c9caaf1dd385195afff3a35cd0780076fc476a89ca8c8e431c
Instruction ID: 0a5de3ed6b353885959f9616ba77a1ee43cf304288aa40ccd84135664981f166
Opcode Fuzzy Hash: 00b0c310c88430c9caaf1dd385195afff3a35cd0780076fc476a89ca8c8e431c
Instruction Fuzzy Hash: 7581CB71508305EFD720DFA8EA85B2AB7E5FB99705F04883CF184A7291E730D856CB62

Function 009ED457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009ED663, 009ED66B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 950f2d3736b1596e141d317d7082154ec747ca6729d6e5588ef8d2c38e6e9151
Instruction ID: 668d906bd6b59ae3e24c0ef06ef139d74a2e85a75e27d21bea4fd09c31fb72ad
Opcode Fuzzy Hash: 950f2d3736b1596e141d317d7082154ec747ca6729d6e5588ef8d2c38e6e9151
Instruction Fuzzy Hash: 7061E0B1909301DBD721EF58D842A3AB3B5FF94354F080929F8858B352E731DD12C792

Function 00A14A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A14C33, 00A14C3B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 902740d8c51c26d5489450e3022cf886e55fd1dcb4eff087dc6453ec421f8003
Instruction ID: 7ca1691ed0a827e628b4fd7a767a6b99e27babf6fe9e9ace25d334861c4e82ad
Opcode Fuzzy Hash: 902740d8c51c26d5489450e3022cf886e55fd1dcb4eff087dc6453ec421f8003
Instruction Fuzzy Hash: 4D61D175A0D3419BD711DF6DC880B6ABBE6EBC9314F28892CE5C587291D731EC81CB92

Function 009DE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 009DE333

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 049b3d61bb20bd63af383953b00a3bd9bf5c4948cd6ff9bb7ce76ea2c15ed35d
Instruction ID: eb6d119d4802ae7037927969b01f2407d9f8b727f0b46b342d65321c2313d867
Opcode Fuzzy Hash: 049b3d61bb20bd63af383953b00a3bd9bf5c4948cd6ff9bb7ce76ea2c15ed35d
Instruction Fuzzy Hash: C8512933B996904BD328A97C5C553A9BA870BE2334B3DC76BE9F18F3E5D55948018390

Function 00A13920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A139E3, 00A139EB

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e12ffbca21182042e9fb0cb9108dacce85cabb2f0f236cf321ae63f393b575fd
Instruction ID: ddcdbb06bdc7da0d8cc37f5f699fc12a997ad5b6425cf0bb6794acf0d2ce29f8
Opcode Fuzzy Hash: e12ffbca21182042e9fb0cb9108dacce85cabb2f0f236cf321ae63f393b575fd
Instruction Fuzzy Hash: CE51B0366092409BCF24DF19D990A7EBBE5FF85784F18882CE4C687251D372DD91CB62

Function 009E1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 009E1C3E

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 9048a73b83a663c311aafd31a273c2cce8ca788a2d8e3f9986c5bfa7e484263a
Instruction ID: 3a1cb19ed6b29d69ba3958526ad0798bf724beba4d9b7bfb4ab4c09843bd9d9e
Opcode Fuzzy Hash: 9048a73b83a663c311aafd31a273c2cce8ca788a2d8e3f9986c5bfa7e484263a
Instruction Fuzzy Hash: 7C4160B40083809BC7159F69C894A2FBBF4BF8A314F14891CF5D69B290D736CA06CB56

Function 00A0FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A10033, 00A1003B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a33bbfeafef7f3e8f8d509b7ca27c49f8175526d24202e8e815d2bc7547b63c2
Instruction ID: 806ba5470f2ff81676fcdf15b645d476b3171e57cacb86cb6001922ce24f9aa6
Opcode Fuzzy Hash: a33bbfeafef7f3e8f8d509b7ca27c49f8175526d24202e8e815d2bc7547b63c2
Instruction Fuzzy Hash: 723123B4908301ABD610EB28DD81F6BB7E9EB89384F144828F885D7252E271DCD0C7A3

Function 009FE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 009FE6A2

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: c4b1b893fe9da5f57e332972de1c8e7bf0b78c7be5d2bfdd269acc4513a502a0
Instruction ID: 68886dbec720e227d1676b79d2069818d6b7cf634260e66d81c1ee4f356357c0
Opcode Fuzzy Hash: c4b1b893fe9da5f57e332972de1c8e7bf0b78c7be5d2bfdd269acc4513a502a0
Instruction Fuzzy Hash: 3C3104B1900209CFCB20DF98E8806BFBBB5FB5A304F144829E546A7311C335A942CBA2

Function 009E6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009E703B

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8ac109058fdd3596bd042b9fe22bab0cbad9b3d00afd689a1c8c9e9bf2f50b71
Instruction ID: 033d92dcae868ae946bfc8fa1bdcb8a01d16becfe61cd43eaff277d6786d3ee7
Opcode Fuzzy Hash: 8ac109058fdd3596bd042b9fe22bab0cbad9b3d00afd689a1c8c9e9bf2f50b71
Instruction Fuzzy Hash: 1C415671604B84DFD736CBA6D990B26F7F6FB49702F148818E5869BAA1E331FC018B11

Function 009FE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 009FE6A2

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 0f61d946b79e8e2e9f4339a31888195b6f9dd2b6ab9609e5b47411a65182435c
Instruction ID: 1e09c1e08699d5bd9dce6adf1935d6a699484ef005b86f3a05d9c04f1d8289d0
Opcode Fuzzy Hash: 0f61d946b79e8e2e9f4339a31888195b6f9dd2b6ab9609e5b47411a65182435c
Instruction Fuzzy Hash: 4721B0B1901209CFC720DF99D990A7FBBB9BB5A744F14482CE546AB351C335AD42CBA2

Function 00A19CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00A19D30

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: fbdf8e11087a09d60cfa081e8f5785ddab65385ea8229f8d163147ec52e686da
Instruction ID: 92fae2567296aa6990fb082e91cb6853c37b01e8146fac87855d584f0d30c837
Opcode Fuzzy Hash: fbdf8e11087a09d60cfa081e8f5785ddab65385ea8229f8d163147ec52e686da
Instruction Fuzzy Hash: 443198709083008BD310DF28E890A6BFBF9FF9A314F14892CE1C497251D335D845CBA6

Function 009E4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a13cc820114d48a0d02305ab5dada1b460da286e4aa2891ba0f5dbbc1dd734
Instruction ID: f706f16870cf899913ec333d3c0f34c605a91f8d4392b1996fb7528f79f90bf4
Opcode Fuzzy Hash: 51a13cc820114d48a0d02305ab5dada1b460da286e4aa2891ba0f5dbbc1dd734
Instruction Fuzzy Hash: 196268B0500B818FD726CF25D980B27B7F6AF49708F55892DE49A8BB52E774F804CB91

Function 009DBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 2bbf377876c8970b2c7fbac4a2e57e42623c5552b5344fc11f6128381bc8da1d
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: A35206719487128BC7259F18D4802BAF3E5FFD5319F29CA2ED9C693390E734A851CB86

Function 00A18652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daf2b5ade1a39c79e43f64e8e919cc5d57569973eebcbf240e73d21104a0a4ac
Instruction ID: 55d3e0c507d9cfbcc3c1b19fba1a94d80e678024b95a6da42676d9a6f17b3af7
Opcode Fuzzy Hash: daf2b5ade1a39c79e43f64e8e919cc5d57569973eebcbf240e73d21104a0a4ac
Instruction Fuzzy Hash: D822A935608340CFC714DFA8E89066ABBF1FB8A315F09897DE58987251D735D9A2CB82

Function 00A186F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20586818de166b3af808e215f4a490f0ceceb26d3e7fe27d5cdf5e4ba7ccbd3c
Instruction ID: c85f406587f59f6955caa50e2cc84b61ff7016415939ab62966cb0306312e1b3
Opcode Fuzzy Hash: 20586818de166b3af808e215f4a490f0ceceb26d3e7fe27d5cdf5e4ba7ccbd3c
Instruction Fuzzy Hash: DF22A935608340DFD714DFA8E89066ABBF1FB8A315F09897DE58987351C735D8A2CB82

Function 009DB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4594f06952b5cca892f25586a3607fd913d558d57000b270dfe69c94ca21d26f
Instruction ID: 17711b0bb52c081a7d14c8db3b6ea3266b6d8028d56d287bb7e22eac4e7173ea
Opcode Fuzzy Hash: 4594f06952b5cca892f25586a3607fd913d558d57000b270dfe69c94ca21d26f
Instruction Fuzzy Hash: 5252D670948B84CFEB34CB24C0947A7BBE6AF91314F168C2FD5D606B82C779A885CB55

Function 009D71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83ec45f473c7fdeb645a66895d3a98d960e841caff1988e99614c8883dc2f98
Instruction ID: b465f9f616cc966824ece158a629f5b164caa31c5dad5adeda9db39a05461107
Opcode Fuzzy Hash: d83ec45f473c7fdeb645a66895d3a98d960e841caff1988e99614c8883dc2f98
Instruction Fuzzy Hash: 4E52BE3150C3458FCB15CF68C0906AAFBE1BF88314F59CA6EE8995B351E778E949CB81

Function 009D8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f10e671784e193749c2ea47490d1b149bb6518b2d7450689eb1517c8b95bf6
Instruction ID: 5bc26f6813b679af4608fa0fa5d84403def857922ad186cde9c58f75c7246682
Opcode Fuzzy Hash: b7f10e671784e193749c2ea47490d1b149bb6518b2d7450689eb1517c8b95bf6
Instruction Fuzzy Hash: E4426775608301DFD708CF28D85079ABBE1BF89315F09886DE8958B3A1D73AD986CF42

Function 009D7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7234e2b6e3f1d02d057adee5891e20e35ceca0f514ae029d4be364e66b472cd5
Instruction ID: bfd2afa2dc99e5d01e9b44f652cac795c3f209d1c1b99f51c99b096ec0344c44
Opcode Fuzzy Hash: 7234e2b6e3f1d02d057adee5891e20e35ceca0f514ae029d4be364e66b472cd5
Instruction Fuzzy Hash: B9321170558B118FC338CF69C59056AFBF2BF45710BA08A2ED6A787B91E736B845CB10

Function 00A189A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcad424db472f7fac012d213046a7aeeb39c0800c7ea5dc916b661d38ef05480
Instruction ID: 769a41d991819bb73f9d451da43c47d28907fd2ddba686c4d98d11a8a6c2e63a
Opcode Fuzzy Hash: bcad424db472f7fac012d213046a7aeeb39c0800c7ea5dc916b661d38ef05480
Instruction Fuzzy Hash: 1A02993560C340DFC714DFACE89066ABBF5EF8A315F09896DE48987261C336D952CB92

Function 00A18A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c3edee489ab354aa3f636fa0153d2df1d492befcdbb10b4890bda5e3478a735
Instruction ID: d4409139f843c1216fab6ced720f2b8191eb3a7baf32bc5a179f275e41beeb06
Opcode Fuzzy Hash: 0c3edee489ab354aa3f636fa0153d2df1d492befcdbb10b4890bda5e3478a735
Instruction Fuzzy Hash: E6F1873460C380DFC714DF68E89066AFBE5AF8A315F09896DE4C987261D336D952CB92

Function 00A18C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f786c0c8f940b86431cdfb99e478e0437121eaa6950a8bcbed7c996fb479a4d
Instruction ID: d4c25b4368bfa3ca22c013733bff5862e19d8d82206c3da46cc1e0c6e1538865
Opcode Fuzzy Hash: 1f786c0c8f940b86431cdfb99e478e0437121eaa6950a8bcbed7c996fb479a4d
Instruction Fuzzy Hash: C1E1BB35608340CFC314DF6CE89066ABBF6AB8E315F09896CE4D987351D736E952CB92

Function 009DA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 5ee8c3584cb8835b6db6316aa36d4123d730e7726a9d69bd852902483f631eaa
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: ABF1CD766483418FC724CF29C88176BFBE6AFD8300F08882EE8C587751E639E955CB52

Function 00A18E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d3356df1ac7ee6de6006749d8e45c8e0831fab7f5824a02d088ace8ea982d19
Instruction ID: 3e5b8b7200b9e7b19e8d12109397b48b62d41d21ec5415cfeb9e59e60ec25acf
Opcode Fuzzy Hash: 6d3356df1ac7ee6de6006749d8e45c8e0831fab7f5824a02d088ace8ea982d19
Instruction Fuzzy Hash: E6D1A93460C380DFD714EF68E89066AFBF5EB8A305F09896DE4C587251D736D852CB92

Function 00BA01BE Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8cdcb92a08171b32f3205a41e20981bdd3e41f910d3653d7555a9f5f2858f1
Instruction ID: 471859cb47704edf4f9e0f881f9f3bec6e2846ab9cd3a0a84f3b5f4b0182f9d5
Opcode Fuzzy Hash: 7c8cdcb92a08171b32f3205a41e20981bdd3e41f910d3653d7555a9f5f2858f1
Instruction Fuzzy Hash: 9EC1F8F3A0C204AFE3156E19EC85B7AFBE5EF94320F16453DEAD4C3344E63558048696

Function 009E4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362cf4ef5084173179ac1a896036b2527629509e3c62b3ca5c4f79f3ccffcfe0
Instruction ID: dae3c53998c74560df47f14dda424821ccbe9983b1a3df0cca7a9ca3e0ff8b18
Opcode Fuzzy Hash: 362cf4ef5084173179ac1a896036b2527629509e3c62b3ca5c4f79f3ccffcfe0
Instruction Fuzzy Hash: E0E11FB5601B408FD321CF28D992B97B7E1FF46704F04886DE4AACB762E735B8118B54

Function 00A16CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc1307ebaf1d36dc68e382bc0fb36dd2e58f15015b6094b52d62f67117adb08
Instruction ID: 10c27fd0266398e9b5ed46257c1df21055016aa628389bb302fc976d3ce2684b
Opcode Fuzzy Hash: 4fc1307ebaf1d36dc68e382bc0fb36dd2e58f15015b6094b52d62f67117adb08
Instruction Fuzzy Hash: 15D1CE36A183518FCB24CF7CD88056AB7E2BB8A314F098A7DE491D7391D334DA46CB91

Function 00A17AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f591d63655ba04c7a5c3359876030651588befe178cc40367eb78c6b1b06c57a
Instruction ID: e4fc594f32ddb37a94e91c54a74df77fbcd8d6ade5d2ca03f1306034a2cde728
Opcode Fuzzy Hash: f591d63655ba04c7a5c3359876030651588befe178cc40367eb78c6b1b06c57a
Instruction Fuzzy Hash: D0B1F572A0C3504BE724DB68CC417AFB7FAABC4314F08492DE99997391EB35DC458B92

Function 009DAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: db0b270362318bda38066485d355447235bf363203c11a125f2bacbfe47bc1e5
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: E7C17AB2A48741CFC360CF68CC967ABB7E1AF85318F08892DD1D9C6342E778A155CB06

Function 009E6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5ceb5a908ee9081e717d7089ea4a7fd78b2570dd9df3180d3ef3473adb77f0
Instruction ID: b446fef3dffe580892829502f808a7eadbf1eec53b8da8d8f303f3c9481a2913
Opcode Fuzzy Hash: 6f5ceb5a908ee9081e717d7089ea4a7fd78b2570dd9df3180d3ef3473adb77f0
Instruction Fuzzy Hash: 00B100B4600B808FD322CF25C981B27BBF5AF56704F14885DE8AA8BB52E775F805CB55

Function 00A17710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b5194a3cbd8107b8d43f4ffbf50302936f3a622622a0e7aaa0f98be26f0db66d
Instruction ID: 639677537238adde6ece8d379c75fe719365e6cc2e2a58868d3469c27fe94666
Opcode Fuzzy Hash: b5194a3cbd8107b8d43f4ffbf50302936f3a622622a0e7aaa0f98be26f0db66d
Instruction Fuzzy Hash: BC919D71A0C301ABE720DB64C940BAFBBF6EB85350F54982CF58597391E730E985CB92

Function 00A1A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc15e898c15ce8c21695075052ba566fe9d180de5664b4bcad3b456590b5ba7
Instruction ID: f21b8702cf43905a5cf8104c0213b299b6a946cbdc270cd8d1593bf2810e978c
Opcode Fuzzy Hash: 5bc15e898c15ce8c21695075052ba566fe9d180de5664b4bcad3b456590b5ba7
Instruction Fuzzy Hash: EE81B13420A7019FD724DF68C880A6AB7F5FF69750F05892CE486CB261E731EC91CB92

Function 00A064F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f4625112e15f182f42dac3b537e5694a65205d73180ef8da873fed3312d8f5
Instruction ID: 40849b61fab3794fd0892c2ebf4fcfa2591e8f1f0b366fc0a930c844cba84a31
Opcode Fuzzy Hash: 33f4625112e15f182f42dac3b537e5694a65205d73180ef8da873fed3312d8f5
Instruction Fuzzy Hash: 8171F633B69A944BD3148D7C6C82395AA934BE6338F3EC379E9B4CB3E5D52A4C164340

Function 009F28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a16643f47690632c45a1f8236eb30ce6e9b14683a0dd4a8f957f7198307ad151
Instruction ID: cadc5ebce83c55bb5c6d5c0b52c490770434a67d02bff911d6146ac0b84dc498
Opcode Fuzzy Hash: a16643f47690632c45a1f8236eb30ce6e9b14683a0dd4a8f957f7198307ad151
Instruction Fuzzy Hash: 2C6185B44083548BD310AF18D841B2BBBF5EFA2754F08891DF6C59B362E339D911CB66

Function 009F7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 683d31ceb35e30559954e299694deeda589ddaec4155c2e1b4e430d8f870feba
Instruction ID: 932febd75f5b96608521ae5acc4e1d62640204d569713339d22ad91ae79de2f9
Opcode Fuzzy Hash: 683d31ceb35e30559954e299694deeda589ddaec4155c2e1b4e430d8f870feba
Instruction Fuzzy Hash: 6951BFB1648208ABDB209BA4CC92BB7B3B8EF85764F144958FA85CB3D1F375D801C761

Function 00A01860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: e61e23c557c6c7bc9a83784107ebdf96d2e94fee70c7408f5ed30ed5cb146a5b
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: C461BC31709309ABD714CF69E5807AEBBE2ABC5390F68C92DF4898B391D270DD859742

Function 00A082D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4629d57b32ddb2a45ec5a08ecb000e6ca8e233c80d777078bd65dcaf9d324252
Instruction ID: 0ace95aba652fa6cd9e6c66c363958cf5aab2c738606c6fa094063b1e6598811
Opcode Fuzzy Hash: 4629d57b32ddb2a45ec5a08ecb000e6ca8e233c80d777078bd65dcaf9d324252
Instruction Fuzzy Hash: 19613933A5AAA44BD314863D6C563A6AA931BD2730F3EC36599F18F3E5CD6E48024346

Function 009E42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5388443e82edc20b2ed3b9489900779e8f0b09a1ca21587d4b0f98728048a35
Instruction ID: 6a19d2ac1f06f646273430027b5acbd8ecbc541d10151ce6ab376da02822cf8b
Opcode Fuzzy Hash: f5388443e82edc20b2ed3b9489900779e8f0b09a1ca21587d4b0f98728048a35
Instruction Fuzzy Hash: 0381F2B4815B40AFD360EF39D947757BEF4AB06201F408A1DE4EA97694E7306419CBE3

Function 00A0E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 3e7fbfde1f352ea70b89dcafa55de0c7ab8f1701dea50b89549b8aea44d06e36
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: DD517CB16083548FE314DF69D49435BBBE1BBC9358F044E2DE4E983390E379DA088B82

Function 00A17520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81639f6556daa05995ef4361563a987a7c378e5f3c68d3dfb9c1ed3af817891b
Instruction ID: 00c5892bacc814bd50a75e5e0dfaa1881ac3d7a13cf2694d87d9cb3a05a7d0b3
Opcode Fuzzy Hash: 81639f6556daa05995ef4361563a987a7c378e5f3c68d3dfb9c1ed3af817891b
Instruction Fuzzy Hash: B2510235A0C210ABC7159F1CDC90B7EB7F6FB85364F288A2CE8E597391D631AC5187A1

Function 00B098E8 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8fb2c4353ae5f88fe0d2ffc09c653b68983f2db771f816c67bacc084cf3fda1
Instruction ID: 76d16b3d9fb447921b0f0fe5fde0ad930872fa97d9177405290d903797adba9d
Opcode Fuzzy Hash: a8fb2c4353ae5f88fe0d2ffc09c653b68983f2db771f816c67bacc084cf3fda1
Instruction Fuzzy Hash: 325190F79281009BE304AE2CDC8677AB7DADFA4310F19893ED685C7344FA7998118387

Function 009D5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea9105d3b54e8583e408a11645023a219853d8d152f1f9f89cc1b20f08f1f8f
Instruction ID: d78797e620c9bbf96dc55395188d55f2dc329bddc5530f3d97e90cde5c1681c6
Opcode Fuzzy Hash: 6ea9105d3b54e8583e408a11645023a219853d8d152f1f9f89cc1b20f08f1f8f
Instruction Fuzzy Hash: 1D5114B4A447159FC714DF24C881926B7A4FF85324F16866EF8959B342D734EC42CB92

Function 00AB9CED Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d1837ef37fe318b01a54d1c15ec6a53ae720bdc725cd24f9a5ec34940d26633
Instruction ID: 6b5e055fcc7d55aabae1b2ff440bac1766c138585fb92f5a847966140f2728e3
Opcode Fuzzy Hash: 1d1837ef37fe318b01a54d1c15ec6a53ae720bdc725cd24f9a5ec34940d26633
Instruction Fuzzy Hash: DD4109F3A082045BE304AE3DEC4576AF7EAEFE4720F1A853DD5C897784E53968158683

Function 009FEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8029239a5bd0d7c31df5d3d50ea09d7cee50539ed16cf4c6daa1cb1187769017
Instruction ID: eb0be9d3596e9dc312c5120deb79344acef119be78e4ea753a2001624a717339
Opcode Fuzzy Hash: 8029239a5bd0d7c31df5d3d50ea09d7cee50539ed16cf4c6daa1cb1187769017
Instruction Fuzzy Hash: 1B418E78900319DBDF20CF94D891BB9B7B1FF0A304F144559E985AB2A0EB389951CB91

Function 00A19B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdc30c7b695d46e519758a6e4bf4c96648c7b686e333bdda315f60a6f112de0b
Instruction ID: 7231b5bcde72590ccd2e1f94526bafd307a68b4f8a8b3bb1b7885ebd50a66a86
Opcode Fuzzy Hash: cdc30c7b695d46e519758a6e4bf4c96648c7b686e333bdda315f60a6f112de0b
Instruction Fuzzy Hash: AC41AF3460C300AFD720DB59D9A0B6BB7E6EB85750F14882CF5CA97251D331EC81CBA2

Function 009E2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1164bf88fc1a2c646f24fe1185f59bc369ff4d452fee9dae533e20b15e7756a4
Instruction ID: 27417f28b2f03cbff8582057bdb60ce5717301dc1509010424e152c7034069bd
Opcode Fuzzy Hash: 1164bf88fc1a2c646f24fe1185f59bc369ff4d452fee9dae533e20b15e7756a4
Instruction Fuzzy Hash: F641F672A0C3654FD35DCF2A849027ABBE6AFC5310F09862EE4D6873D4DAB48D45DB81

Function 009E1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cfb0bd2aeb46b4a3852442a2f8bbbf03dd972f38877f7945b891e8bb53d30fb
Instruction ID: 754ea29db779bc2f9dd44c47938679058fffb44b3ae4b1c5cc4877012e15873b
Opcode Fuzzy Hash: 5cfb0bd2aeb46b4a3852442a2f8bbbf03dd972f38877f7945b891e8bb53d30fb
Instruction Fuzzy Hash: DC41FF745083809BC321AB5AC884B2EFBF9FB8A344F144D1CF6C497292C376E8148F66

Function 00A18D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 907a81094d22eabfc7128030452a1442a0e7511a6254b9855b97281f9bd44825
Instruction ID: 83ea800d1c1d7fc177568f832f3a7d1cbc48c392c57940a29654b5e729a9f9b1
Opcode Fuzzy Hash: 907a81094d22eabfc7128030452a1442a0e7511a6254b9855b97281f9bd44825
Instruction Fuzzy Hash: D241CE3160D3508FC704EF68D49056EFBE6AF9A300F198A2DD4D9DB2A1CB78DD418B82

Function 009ED961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0adb403c1aaf354028ce58162106f09f149c9e18cbe98d5e998d448cdba446e
Instruction ID: a6dcdcaa391bab5398401e5d1ac84d0470a917796935f5cb11157cc2849a8bc3
Opcode Fuzzy Hash: e0adb403c1aaf354028ce58162106f09f149c9e18cbe98d5e998d448cdba446e
Instruction Fuzzy Hash: DD41CBB5649381CBD730DF14C841BABB7B4FF96360F048969E48A8B792E7748941CB53

Function 00A0F030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 44348efa36a569eeb784e6ea8f96bf6fdac55b4d478e657940c3414fe7a5dc9c
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: F62107329082284BC3349F59D48163BF7E4EB99704F06863ED9C4A72D5E335DC2487E1

Function 00A167EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a490ba1888a9b51cebf3ccc91162144be525c2f8dff8857ed4f294572de02c0
Instruction ID: 78c63e19102745dbe756dbb28fe67eb05a179dad826eaca856cf321db141243b
Opcode Fuzzy Hash: 9a490ba1888a9b51cebf3ccc91162144be525c2f8dff8857ed4f294572de02c0
Instruction Fuzzy Hash: 763133705183829AD714CF14C49066FBBF0AF96384F54690CF4C8AB261D338D985CB9A

Function 009F5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c53df7cd3e9c0d1b22c823b572156f0034822aea6bbe95f6690c69100229287a
Instruction ID: 851dbcef52de22e6d5b03602ec565c62d5673387bc91ceaffe4b7726188a2c51
Opcode Fuzzy Hash: c53df7cd3e9c0d1b22c823b572156f0034822aea6bbe95f6690c69100229287a
Instruction Fuzzy Hash: 4B21B2B05082059BD310EF28C851A3BBBF8EF92765F45891CF6D59B292E334C900CBA3

Function 00B8CC05 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e7abd910f0854e395e1218fb4b0050561c4f8b1d1557933acf0a53e03ecc9a
Instruction ID: 44bc04da898984a57b3f6e2a7f041814b7c15ced08afde4855f11329f7037f42
Opcode Fuzzy Hash: e0e7abd910f0854e395e1218fb4b0050561c4f8b1d1557933acf0a53e03ecc9a
Instruction Fuzzy Hash: CC2179F3B082004BE348592DDC5137AB6DADBC0720F6AC63EE685C7B88F979C8424156

Function 009D49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: de1f10facac713efee2136bec33e64e4ab89fd6bff1c2bc63f15be659e3b4bf9
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 533103316882019BC7109E19D980A2BB7E5EFC8318F18C92FE8DADB341D335DC42CB86

Function 00A164B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5030beac0f92bc2153f0907bef6e90331f7c3d22f36046ea0ee92165c6891d
Instruction ID: 1275686d295a2bc34805a9cb0895cb194410dbd795c910fc8d45923459be7867
Opcode Fuzzy Hash: cf5030beac0f92bc2153f0907bef6e90331f7c3d22f36046ea0ee92165c6891d
Instruction Fuzzy Hash: F221697460C2009BC714EF59D680A2EF7F6FB85740F28881CE4C5D7261C334A892CB62

Function 00C21C98 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391d066f8700790a2e16826a257d4bc52c1e912046083b2ab30cd86d670fa430
Instruction ID: 2d8d28f1bda3fd10cf46d001592a094fe4a164c97de16523103fc4e25efe05b3
Opcode Fuzzy Hash: 391d066f8700790a2e16826a257d4bc52c1e912046083b2ab30cd86d670fa430
Instruction Fuzzy Hash: 8721A4B151C3049FE315FF68D886A6AF7E5EB58310F06492CEAD4C3210E635A9609A97

Function 009E0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b62c9a1c46625f70a3a8acbf2baa2d6a8f7bf6441c55de4aec14d68c8c3fca
Instruction ID: d310e2e56e85c139f0b00403c48b1407f6ed92ce1495a1055fbde188f41b93b2
Opcode Fuzzy Hash: 99b62c9a1c46625f70a3a8acbf2baa2d6a8f7bf6441c55de4aec14d68c8c3fca
Instruction Fuzzy Hash: 8B2148B490025A9FDB15CF95CC90BBEBBB5FB4A304F144818E511BB282C375A911CB64

Function 00A15700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e692f7b9976dcabfb3b229bc36a6b5a850eb853690e46138a5152ea635e5e7a2
Instruction ID: da31c06024d162e9bf6d74ae154fcecae8261a0624dd7b3e21792dd77510b17b
Opcode Fuzzy Hash: e692f7b9976dcabfb3b229bc36a6b5a850eb853690e46138a5152ea635e5e7a2
Instruction Fuzzy Hash: BB11A07191C280EBC711EF28E945A6BBBF9EF96710F058C28E4C49B251D339D852CB93

Function 00A0B650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 900b76b9fa3c4b9d1c1e760c23d29b082a9e5f892de2b299725008a37cf7a678
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 8811E533A151DC0EC3168E3C9540565BFA31AA3334F598399F4B89B2D2D7338D8A9374

Function 00A00B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: f18d589c42e323c344c907195a04270b4af5e1310cca260d3402ac19cdd9844f
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 940184F5A0030647E720EF54A4D1F3BB2A86F82718F18452DE84697382DB75EC05C791

Function 009FD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31beacbf26766b73f3fc1d81e4b41facc12950bdd1d244c312deac24cdc0ce59
Instruction ID: db94b65d48e5a39ffd9b71666f0d78a48d79bc3df9c8325f365e97809e51e459
Opcode Fuzzy Hash: 31beacbf26766b73f3fc1d81e4b41facc12950bdd1d244c312deac24cdc0ce59
Instruction Fuzzy Hash: C811ECB0408380AFD320DF658584A2FFBE5EBAA714F148C0DF6A49B251C379E819CF56

Function 009D6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a26e0c1ab7019757e3c8846472c3a681570e6ad6924eb9d8a8700f3b2aa43d6f
Instruction ID: f70f8d6f986bb004a3a6e2d13441057c76fe8fe2ddce38e4d85a339e446fb149
Opcode Fuzzy Hash: a26e0c1ab7019757e3c8846472c3a681570e6ad6924eb9d8a8700f3b2aa43d6f
Instruction Fuzzy Hash: 3FF0503E7546090B6310CEAEE880937F3E6D7CD355B049539EE40C3301CD71E80241E0

Function 00A0B8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 009EC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 009EB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: c1bd7fd25d9b1acd24ab9ddc7861d773d9ce6bec9abc99f5151eefecbca11a85
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 56F0ECB160459057DF238A969CC0F37BB9CCB87354F190426E845571C3E2619C45C7E5

Function 00A08220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c6f5f47e2e25b1b3310b74968207a8c23f4c2dfeb73bb7f2a5a851547780b4
Instruction ID: a69e8278d6edc10f7df241b543de5d18320f9be992f8668347f25931a5aba5e9
Opcode Fuzzy Hash: 42c6f5f47e2e25b1b3310b74968207a8c23f4c2dfeb73bb7f2a5a851547780b4
Instruction Fuzzy Hash: DD01E4B04107009FC360EF29C445787BBF8EB08714F008A1DE8AECB780D770A5848B82

Function 00A11440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 7d05d323c1105a42aa321be6d12c9307f981717be92c39352830c48dc4e2ea8d
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 2AD0A771608321469F748F19A4009B7F7F0EAC7F11F89955EF686E3148D230DC81C2A9

Function 009E1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6fef33ef753681eac37e6b13da3d288c7ef90b8b9afd7c6894893754d336c5d
Instruction ID: a78c3d68cc78f247c0666a1b40a8205c7fde04c262fbd78907b4a252ac51a470
Opcode Fuzzy Hash: c6fef33ef753681eac37e6b13da3d288c7ef90b8b9afd7c6894893754d336c5d
Instruction Fuzzy Hash: 5EC08C34A280808FC208DF86FC95472B7B8A30B308700B03ADA03F3A21CA30D803890D

Function 00A16094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80a3603284572f0fc2cc246f9418d098a84b2aa1f28cb8120c51099e1680f77
Instruction ID: a645fb28d0327eb4095e16795b14a413aca4785e988ef38ec3b055db3ad74326
Opcode Fuzzy Hash: f80a3603284572f0fc2cc246f9418d098a84b2aa1f28cb8120c51099e1680f77
Instruction Fuzzy Hash: 55C09B35B5C000D7951CCF5CD961475F3769BD7715B24B02DCD0623255C138D913D91C

Function 009E1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 427704306bc385eb81a303457a88360497d124f64200e7638afbac0db0fa57e7
Instruction ID: 20dc338eb30d0d5a07341bc0880448b672eafffa4e7e668dab4f3a55e0742e7f
Opcode Fuzzy Hash: 427704306bc385eb81a303457a88360497d124f64200e7638afbac0db0fa57e7
Instruction Fuzzy Hash: F9C09B34A690C0CFC244CFC7E8D1471A3FD5307208710743A9B03F7661C570D406850D

Function 00A15FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2074814359.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2074798520.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074848267.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074866139.0000000000A3A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074882917.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2074899655.0000000000A3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075034720.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075053340.0000000000B90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075076657.0000000000BB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075105254.0000000000BBA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075114767.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075124096.0000000000BBE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075133627.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075145150.0000000000BCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075155298.0000000000BD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075168525.0000000000BE8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075182943.0000000000C00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075216331.0000000000C1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075228111.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075238364.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075249716.0000000000C2E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075263471.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075276125.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075286014.0000000000C44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075301661.0000000000C46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075311842.0000000000C47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075321869.0000000000C48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075331924.0000000000C49000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075341527.0000000000C4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075351769.0000000000C52000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075361462.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075372946.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075384082.0000000000C5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075399228.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075409408.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075436975.0000000000CAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075446796.0000000000CAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075738719.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075754502.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075791182.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075842998.0000000000CDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2075854697.0000000000CDC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db45a889d647d7d2f95853029fa2741cf42dd7e8e8dccf30c2f884fb5663fda
Instruction ID: adf8d98912e7957f1b2dcef635540765eb08692bfdd9429ea65a100b26b11e0b
Opcode Fuzzy Hash: 2db45a889d647d7d2f95853029fa2741cf42dd7e8e8dccf30c2f884fb5663fda
Instruction Fuzzy Hash: 7FC09225B68000ABAA5CCF5CDD61935F2BA9B8BA19B14B03DCD06A3256D138D913861C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00A150FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 009DFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 009DD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00A15BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00A1695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 009E049B Relevance: .3, Instructions: 264
COMMON

Function 009E0228 Relevance: .2, Instructions: 218
COMMON

Function 00A13220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00A13202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON