Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538235
MD5:	4f7d940e5a6e1a752310810ed5e48d90
SHA1:	6d600a018c09d0c27b6fb0a1115a8b734f071274
SHA256:	cabc120fdab47adca73614a9d78ba234c67d664dccce4998a89db47ecb856a3d
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6568 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4F7D940E5A6E1A752310810ED5E48D90)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "mobbipenju.store", "clearancek.site", "eaglepawnoy.store", "licendfilteo.site", "spirittunek.store", "bathdoomgaz.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:04.507897+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49731	104.21.53.8	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:04.507897+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49731	104.21.53.8	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.394214+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.4	61700	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.318335+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.4	56852	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.365233+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.4	54147	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.353214+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.4	54991	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.422441+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.4	51101	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.339007+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.4	59705	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.409484+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.4	60253	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:01.381405+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.4	57124	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T21:15:03.519719+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6568.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "mobbipenju.store", "clearancek.site", "eaglepawnoy.store", "licendfilteo.site", "spirittunek.store", "bathdoomgaz.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B7D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B7D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BB63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BB99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00BB695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00B7FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00B80EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00BAF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B86F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00B71000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BB4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00B9D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B842FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00B92260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00B92260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00B7A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BB64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00B8B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00B9C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B8D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00BB1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B86536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00BB7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B99510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BAB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00BB67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00BB7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00B928E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00B749A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00BB3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00B8D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B81ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B81A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00B75A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BB4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BA0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B81BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B83BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BB9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B9AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00B9AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00BB9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00BAFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00B97C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00B9EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00B9FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00B7BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00B86EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00B76EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B81E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00B84E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B95E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B97E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00B9AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B86F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00B78FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00B8FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BAFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B99F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:54991 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:54147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:56852 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:60253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:61700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:57124 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:59705 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:51101 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.53.8:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store

Source: Joe Sandbox View	IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.st
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site/api
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apiapi
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/api
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq~
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apii
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1726248405.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900h6DG
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80228	0_2_00B80228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA0D0	0_2_00BBA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B82030	0_2_00B82030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B71000	0_2_00B71000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4040	0_2_00BB4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB	0_2_00CF71DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7E1A0	0_2_00B7E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B771F0	0_2_00B771F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115	0_2_00D46115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B75160	0_2_00B75160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B712F7	0_2_00B712F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA82D0	0_2_00BA82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA12D0	0_2_00BA12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B713A3	0_2_00B713A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7B3A0	0_2_00B7B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA23E0	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7A300	0_2_00B7A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3F4C1	0_2_00D3F4C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8049B	0_2_00B8049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84487	0_2_00B84487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA64F0	0_2_00BA64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1F451	0_2_00C1F451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C470	0_2_00B9C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4B41A	0_2_00D4B41A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B735B0	0_2_00B735B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C5F0	0_2_00B8C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB86F0	0_2_00BB86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAF620	0_2_00BAF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8652	0_2_00BB8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7164F	0_2_00B7164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D44628	0_2_00D44628
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E38735	0_2_00E38735
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE8A0	0_2_00BAE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAB8C0	0_2_00BAB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC684E	0_2_00CC684E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4986D	0_2_00D4986D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA1860	0_2_00BA1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB89A0	0_2_00BB89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9098B	0_2_00B9098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB7AB0	0_2_00BB7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42ACB	0_2_00D42ACB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8A80	0_2_00BB8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7AA81	0_2_00C7AA81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF3AC1	0_2_00BF3AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4EA67	0_2_00D4EA67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4A40	0_2_00BB4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B77BF0	0_2_00B77BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8DB6F	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB6CBF	0_2_00BB6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9CCD0	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8C02	0_2_00BB8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D41C08	0_2_00D41C08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D04D99	0_2_00D04D99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9DD29	0_2_00B9DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9FD10	0_2_00B9FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98D62	0_2_00B98D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7BEB0	0_2_00B7BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86EBF	0_2_00B86EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84E2A	0_2_00B84E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8E70	0_2_00BB8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9AE57	0_2_00B9AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBBFDC	0_2_00CBBFDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B78FD0	0_2_00B78FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB7FC0	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7AF10	0_2_00B7AF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3BF13	0_2_00D3BF13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C01F27	0_2_00C01F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA5F21	0_2_00CA5F21

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B7CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B8D300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996261344884488

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BA8220 CoCreateInstance,

0_2_00BA8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 3028480 > 1048576

Source: file.exe

Static PE information: Raw size of xkhaisln is bigger than: 0x100000 < 0x2ba000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.b70000.0.unpack :EW;.rsrc :W;.idata :W;xkhaisln:EW;rfekvyib:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xkhaisln:EW;rfekvyib:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2efdc9 should be: 0x2eaaab

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: xkhaisln
Source: file.exe	Static PE information: section name: rfekvyib
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46048 push 4664F8ABh; mov dword ptr [esp], edx	0_2_00E461D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46048 push ecx; mov dword ptr [esp], 04A1CF9Bh	0_2_00E461E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1B013 push 39907781h; mov dword ptr [esp], ebp	0_2_00E1B095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push 334C0DCDh; mov dword ptr [esp], ecx	0_2_00CF71FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push eax; mov dword ptr [esp], 69D951BAh	0_2_00CF7218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push eax; mov dword ptr [esp], edi	0_2_00CF7241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push ecx; mov dword ptr [esp], edx	0_2_00CF7261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push esi; mov dword ptr [esp], edi	0_2_00CF728E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push edi; mov dword ptr [esp], 350428CEh	0_2_00CF72CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push ebp; mov dword ptr [esp], edx	0_2_00CF72D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], 375641C0h	0_2_00D6F1CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push ecx; mov dword ptr [esp], eax	0_2_00D6F1F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], 7DEA9506h	0_2_00D6F20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], ebp	0_2_00D6F2A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB15B push 0A4ECF00h; mov dword ptr [esp], eax	0_2_00DFB1C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB15B push eax; mov dword ptr [esp], esi	0_2_00DFB1CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E78176 push 5F3B13B9h; mov dword ptr [esp], ecx	0_2_00E7821A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 72CAC23Dh; mov dword ptr [esp], edi	0_2_00D4611D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], eax	0_2_00D4617A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push eax; mov dword ptr [esp], esi	0_2_00D46259
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 1BCA2342h; mov dword ptr [esp], edi	0_2_00D46297
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push esi; mov dword ptr [esp], ecx	0_2_00D462A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 6FAAA7B8h; mov dword ptr [esp], edi	0_2_00D462F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 38FE104Dh; mov dword ptr [esp], edi	0_2_00D46318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push edx; mov dword ptr [esp], 60A03560h	0_2_00D4631F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push eax; mov dword ptr [esp], ebp	0_2_00D4633A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], 7F797E76h	0_2_00D4638D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], eax	0_2_00D46399
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 62B59CE6h; mov dword ptr [esp], esp	0_2_00D463A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 0CC252D7h; mov dword ptr [esp], eax	0_2_00D463CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 085A8877h; mov dword ptr [esp], edx	0_2_00D4640F

Source: file.exe

Static PE information: section name: entropy: 7.979276920550064

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD477A second address: BD4791 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524DC4552h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B33 second address: D54B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B39 second address: D54B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7524DC4552h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B53 second address: D54B62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7524C2A42Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53E36 second address: D53E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55E91 second address: D55E96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55E96 second address: D55EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F7524DC4548h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D2345h] 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D2D8Ch], eax 0x00000032 call 00007F7524DC4549h 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F7524DC454Dh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55EEA second address: D55F2B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F7524C2A42Dh 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c jns 00007F7524C2A42Ch 0x00000022 pop eax 0x00000023 mov eax, dword ptr [eax] 0x00000025 jng 00007F7524C2A434h 0x0000002b push eax 0x0000002c push edx 0x0000002d jns 00007F7524C2A426h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F2B second address: D55F43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007F7524DC4546h 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F43 second address: D55F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pop eax 0x00000007 jg 00007F7524C2A42Ch 0x0000000d push 00000003h 0x0000000f push 00000000h 0x00000011 mov ecx, dword ptr [ebp+122D3BC4h] 0x00000017 push 00000003h 0x00000019 jmp 00007F7524C2A42Ch 0x0000001e call 00007F7524C2A429h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F7C second address: D55F92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F92 second address: D55F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F96 second address: D55FD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b ja 00007F7524DC4556h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 jmp 00007F7524DC454Dh 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55FD1 second address: D56069 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007F7524C2A426h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F7524C2A437h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push edi 0x00000018 jmp 00007F7524C2A436h 0x0000001d pop edi 0x0000001e pop eax 0x0000001f and dh, FFFFFFB5h 0x00000022 lea ebx, dword ptr [ebp+12455CA5h] 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F7524C2A428h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 mov ecx, 38BF86FBh 0x00000047 movsx edi, dx 0x0000004a xchg eax, ebx 0x0000004b jno 00007F7524C2A43Ch 0x00000051 push eax 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56069 second address: D5607C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5619B second address: D561A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B30 second address: D77B3A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524DC4552h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B3A second address: D77B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7524C2A426h 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D425EC second address: D42609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7524DC4546h 0x0000000a jg 00007F7524DC4546h 0x00000010 popad 0x00000011 ja 00007F7524DC454Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42609 second address: D42611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42611 second address: D4263E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Dh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F7524DC454Bh 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 push ebx 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D75CE0 second address: D75CE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D760DE second address: D760F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jnc 00007F7524DC4546h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D760F5 second address: D76133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A433h 0x00000007 jmp 00007F7524C2A435h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F7524C2A432h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76133 second address: D76138 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7627D second address: D76283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76283 second address: D76291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76291 second address: D76299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76299 second address: D762A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push ebx 0x00000009 push esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76515 second address: D76531 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Ah 0x00000007 jmp 00007F7524C2A42Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76531 second address: D76541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766CD second address: D766D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766D3 second address: D766D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766D9 second address: D7670E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jmp 00007F7524C2A436h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7670E second address: D7671E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC454Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76CE3 second address: D76CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77229 second address: D77233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524DC4546h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7752E second address: D77533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77690 second address: D77699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77699 second address: D7769D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D205 second address: D7D213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7524DC4546h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D213 second address: D7D21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7524C2A426h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA50 second address: D7FA54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA54 second address: D7FA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA5A second address: D7FA60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA60 second address: D7FA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA64 second address: D7FA87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f js 00007F7524DC4554h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCBB second address: D7FCC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7524C2A426h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCC6 second address: D7FCCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCCC second address: D7FCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCD0 second address: D7FCE2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83712 second address: D83716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83716 second address: D8372C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7524DC4548h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8372C second address: D83765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F7524C2A428h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F7524C2A42Ah 0x00000017 jmp 00007F7524C2A431h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838AB second address: D838B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838B3 second address: D838C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F7524C2A42Eh 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838C2 second address: D838C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83A26 second address: D83A4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7524C2A433h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D4B second address: D83D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D4F second address: D83D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D53 second address: D83D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4554h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F7524DC4546h 0x00000013 jmp 00007F7524DC4552h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83EE9 second address: D83EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 ja 00007F7524C2A426h 0x0000000d jnp 00007F7524C2A426h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83EFE second address: D83F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85737 second address: D85758 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524C2A43Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85758 second address: D85770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4554h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85770 second address: D85776 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AE99 second address: D4AEAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c je 00007F7524DC4546h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AEAE second address: D4AED4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F7524C2A434h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007F7524C2A451h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AED4 second address: D4AED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AED8 second address: D4AEF6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7524C2A431h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D04 second address: D87D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D0C second address: D87D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87DC8 second address: D87DE5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jc 00007F7524DC4561h 0x00000015 push eax 0x00000016 push edx 0x00000017 jg 00007F7524DC4546h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8821C second address: D88225 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88358 second address: D8835D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88569 second address: D8856D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88A61 second address: D88A6B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88A6B second address: D88AE0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7524C2A43Bh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F7524C2A428h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 nop 0x00000028 pushad 0x00000029 push eax 0x0000002a jmp 00007F7524C2A436h 0x0000002f pop eax 0x00000030 jmp 00007F7524C2A42Eh 0x00000035 popad 0x00000036 push eax 0x00000037 push edi 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pop edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88C00 second address: D88C09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88C09 second address: D88C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EE9 second address: D88EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EED second address: D88EF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EF1 second address: D88F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F7524DC454Ch 0x00000010 jnl 00007F7524DC4546h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88F07 second address: D88F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89031 second address: D89035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E1C second address: D89E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E29 second address: D89E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop ecx 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F7524DC4548h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov esi, dword ptr [ebp+122D3EDCh] 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c mov si, E21Bh 0x00000030 jmp 00007F7524DC454Ah 0x00000035 popad 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F7524DC4548h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 00000016h 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 xchg eax, ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E8F second address: D89E99 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E99 second address: D89EC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4556h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jg 00007F7524DC4546h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AE1B second address: D8AE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AE1F second address: D8AE25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C300 second address: D8C30A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C30A second address: D8C30F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C30F second address: D8C344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7524C2A426h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov esi, 45256D3Bh 0x00000013 push 00000000h 0x00000015 jmp 00007F7524C2A42Dh 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+1245D8E7h], ecx 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jno 00007F7524C2A428h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8CEAD second address: D8CEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F114 second address: D8F126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F7524C2A426h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8D6F2 second address: D8D6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F126 second address: D8F12C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8FA51 second address: D8FAD0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F7524DC454Dh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e and si, DC54h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F7524DC4548h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f jmp 00007F7524DC454Eh 0x00000034 mov di, 4046h 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push esi 0x0000003d call 00007F7524DC4548h 0x00000042 pop esi 0x00000043 mov dword ptr [esp+04h], esi 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc esi 0x00000050 push esi 0x00000051 ret 0x00000052 pop esi 0x00000053 ret 0x00000054 mov edi, dword ptr [ebp+12482D93h] 0x0000005a push eax 0x0000005b jl 00007F7524DC454Eh 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D901FD second address: D90203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90203 second address: D90207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C13 second address: D91C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C17 second address: D91C1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C1D second address: D91C22 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9218C second address: D921E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F7524DC4548h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 call 00007F7524DC4555h 0x0000002b and ebx, 5CCE6D53h 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 jnc 00007F7524DC4546h 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jo 00007F7524DC4546h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D921E7 second address: D921EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D921EB second address: D921F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D931FB second address: D9328C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov di, cx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F7524C2A428h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a jmp 00007F7524C2A432h 0x0000002f and edi, dword ptr [ebp+122D2430h] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F7524C2A428h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 js 00007F7524C2A42Ch 0x00000057 mov dword ptr [ebp+1245D8E7h], ecx 0x0000005d jl 00007F7524C2A432h 0x00000063 jc 00007F7524C2A42Ch 0x00000069 add dword ptr [ebp+122D2360h], ebx 0x0000006f xchg eax, esi 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9328C second address: D93290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93290 second address: D932A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7524C2A42Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D932A7 second address: D932C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4559h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9234B second address: D9235D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A42Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9235D second address: D92383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F7524DC4563h 0x0000000e pushad 0x0000000f jmp 00007F7524DC4555h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92383 second address: D92400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push esi 0x00000009 call 00007F7524C2A428h 0x0000000e pop esi 0x0000000f mov dword ptr [esp+04h], esi 0x00000013 add dword ptr [esp+04h], 0000001Ah 0x0000001b inc esi 0x0000001c push esi 0x0000001d ret 0x0000001e pop esi 0x0000001f ret 0x00000020 jmp 00007F7524C2A436h 0x00000025 push dword ptr fs:[00000000h] 0x0000002c add ebx, dword ptr [ebp+122D3E6Ch] 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 mov dword ptr [ebp+12485C1Ah], edx 0x0000003f mov eax, dword ptr [ebp+122D0229h] 0x00000045 mov edi, eax 0x00000047 push FFFFFFFFh 0x00000049 sbb di, 5A99h 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F7524C2A433h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D952B2 second address: D952B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94406 second address: D9440C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D953E3 second address: D9540B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F7524DC4559h 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9540B second address: D95410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98361 second address: D98367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9937F second address: D99384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D99384 second address: D993F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7524DC4557h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov dword ptr [ebp+124817CBh], ebx 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 or dx, F8BDh 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 adc ch, 00000060h 0x00000024 popad 0x00000025 popad 0x00000026 push 00000000h 0x00000028 jmp 00007F7524DC4557h 0x0000002d push eax 0x0000002e push esi 0x0000002f pushad 0x00000030 jmp 00007F7524DC4558h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D985CD second address: D985F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F7524C2A43Bh 0x0000000f jmp 00007F7524C2A435h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A4D7 second address: D9A4DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A4DC second address: D9A557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007F7524C2A42Eh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F7524C2A428h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b movzx ebx, ax 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F7524C2A428h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov ebx, 761563C7h 0x0000004f sub dword ptr [ebp+122D274Bh], esi 0x00000055 xchg eax, esi 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F7524C2A432h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A557 second address: D9A55C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CD12 second address: D9CD66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7524C2A42Ah 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 50039D5Ch 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F7524C2A428h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1DFCh], edx 0x00000033 push 00000000h 0x00000035 mov bx, A8ADh 0x00000039 push eax 0x0000003a pushad 0x0000003b jc 00007F7524C2A42Ch 0x00000041 jns 00007F7524C2A426h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CD66 second address: D9CD6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EB19 second address: D9EB21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9D6 second address: D9F9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F7524DC454Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9F0 second address: D9F9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9F7 second address: D9FA09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7524DC454Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9FA09 second address: D9FA71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F7524C2A428h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 sub dword ptr [ebp+122D2D50h], edi 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F7524C2A428h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 cld 0x00000046 push 00000000h 0x00000048 sbb ebx, 1BB26C5Eh 0x0000004e jmp 00007F7524C2A42Fh 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9FA71 second address: D9FA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CF80 second address: D9CFA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A432h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EC51 second address: D9EC5B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A6F3 second address: D9A6F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0A01 second address: DA0A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F7524DC4548h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+122D1D96h] 0x0000002d push 00000000h 0x0000002f call 00007F7524DC454Fh 0x00000034 jmp 00007F7524DC4550h 0x00000039 pop edi 0x0000003a mov dword ptr [ebp+122D1E32h], edx 0x00000040 push 00000000h 0x00000042 mov edi, eax 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0A73 second address: DA0A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1AF2 second address: DA1AF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C2B second address: DA0C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A42Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C41 second address: DA0C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C45 second address: DA0C6A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7524C2A437h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C6A second address: DA0CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b and ebx, 2665DB00h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 or dword ptr [ebp+1245016Eh], ebx 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F7524DC4548h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f mov dword ptr [ebp+122D23C4h], ebx 0x00000045 mov edi, 4DF371CCh 0x0000004a mov eax, dword ptr [ebp+122D1779h] 0x00000050 mov di, 615Ah 0x00000054 push FFFFFFFFh 0x00000056 mov ebx, 29EAB749h 0x0000005b push eax 0x0000005c jbe 00007F7524DC4554h 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0CDA second address: DA0CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C5C second address: DA2C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C60 second address: DA2C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C66 second address: DA2C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1D8C second address: DA1D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DBE second address: DA2DD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DD5 second address: DA2DDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AD8 second address: D40AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AE1 second address: D40AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AE7 second address: D40AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AF7 second address: D40B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A437h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAC2D2 second address: DAC314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F7524DC4546h 0x0000000c popad 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F7524DC4556h 0x00000014 pushad 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F7524DC454Dh 0x0000001c jmp 00007F7524DC454Bh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB00EF second address: DB00F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB00F5 second address: DB010C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7524DC454Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB010C second address: DB0117 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F7524C2A426h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB02EC second address: DB0313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4554h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0313 second address: DB0343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jns 00007F7524C2A426h 0x0000000e jmp 00007F7524C2A435h 0x00000013 popad 0x00000014 popad 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007F7524C2A426h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0343 second address: DB0347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0347 second address: DB036E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F7524C2A42Fh 0x0000000c pop edx 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8BE1 second address: DB8BEB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524DC4546h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8BEB second address: DB8BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F7524C2A426h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7F93 second address: DB7F9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F7524DC4546h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7F9E second address: DB7FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FA4 second address: DB7FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8239 second address: DB8253 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A436h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8253 second address: DB8266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7524DC4546h 0x00000009 jnl 00007F7524DC4546h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8266 second address: DB8293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F7524C2A436h 0x0000000b jmp 00007F7524C2A42Ah 0x00000010 jno 00007F7524C2A426h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 jg 00007F7524C2A42Ch 0x0000001f jnl 00007F7524C2A426h 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8293 second address: DB8299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8553 second address: DB855D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88C1 second address: DB88D6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524DC4546h 0x00000008 jmp 00007F7524DC454Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88D6 second address: DB88DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88DF second address: DB88EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88EE second address: DB88F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88F4 second address: DB88FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007F7524DC4546h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88FF second address: DB8908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A69 second address: DB8A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A6D second address: DB8A71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A71 second address: DB8A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC120 second address: DBC126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC126 second address: DBC12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC12A second address: DBC172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A432h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7524C2A437h 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F7524C2A426h 0x00000016 jmp 00007F7524C2A433h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC172 second address: DBC176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC176 second address: DBC17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC27EC second address: DC27F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC17DC second address: DC17E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC17E4 second address: DC17E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC191B second address: DC192C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 ja 00007F7524C2A430h 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1BB7 second address: DC1BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CDD second address: DC1CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CE1 second address: DC1CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CE7 second address: DC1D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A42Eh 0x00000008 jmp 00007F7524C2A42Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1D09 second address: DC1D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1D11 second address: DC1D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2017 second address: DC2021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7524DC4546h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2021 second address: DC202B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524C2A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC724F second address: DC7253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC762A second address: DC762E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E40 second address: DC7E44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E44 second address: DC7E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CA4D second address: D4CA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4552h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007F7524DC4546h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CA6E second address: D4CA96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Bh 0x00000007 jmp 00007F7524C2A431h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F7524C2A426h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8678B second address: D86791 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86899 second address: D868A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7524C2A426h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E01 second address: D86E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E05 second address: D86E0F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E0F second address: D86E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E13 second address: D86E17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E17 second address: D86E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jnl 00007F7524DC4558h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F7524DC4546h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E45 second address: D86E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86F55 second address: D86FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jnl 00007F7524DC4548h 0x0000000d popad 0x0000000e push eax 0x0000000f push ecx 0x00000010 jmp 00007F7524DC4552h 0x00000015 pop ecx 0x00000016 xchg eax, esi 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F7524DC4548h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov dx, 559Ah 0x00000035 nop 0x00000036 pushad 0x00000037 push ebx 0x00000038 jmp 00007F7524DC4558h 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 jbe 00007F7524DC4546h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86FC0 second address: D86FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A434h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D879FD second address: D87A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD135 second address: DCD139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD139 second address: DCD14D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD14D second address: DCD17B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F7524C2A434h 0x0000000d push edx 0x0000000e jne 00007F7524C2A426h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007F7524C2A426h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD17B second address: DCD17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD2E9 second address: DCD31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A433h 0x00000009 popad 0x0000000a je 00007F7524C2A428h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7524C2A431h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD31C second address: DCD328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7524DC4546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD328 second address: DCD32C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD473 second address: DCD483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jl 00007F7524DC4546h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD5CD second address: DCD5F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524C2A437h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2674 second address: DD2678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2678 second address: DD2682 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7524C2A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD792A second address: DD7941 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7941 second address: DD7948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AB0 second address: DD7AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AB4 second address: DD7ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7ABA second address: DD7AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AC4 second address: DD7ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE08A second address: DDE0B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7524DC4559h 0x0000000e jg 00007F7524DC4546h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE0B7 second address: DDE0BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE0BF second address: DDE0D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F7524DC454Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE540 second address: DDE560 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F7524C2A434h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE560 second address: DDE56C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7524DC4546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE56C second address: DDE570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE570 second address: DDE574 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE574 second address: DDE59E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F7524C2A42Eh 0x00000010 jng 00007F7524C2A432h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE59E second address: DDE5AD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524DC454Ah 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE5AD second address: DDE5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F7524C2A430h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE748 second address: DDE775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7524DC4546h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7524DC4557h 0x00000015 push ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE775 second address: DDE788 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F7524C2A42Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE8EF second address: DDE919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524DC4552h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7524DC4552h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE919 second address: DDE93B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A444h 0x00000008 jmp 00007F7524C2A438h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE93B second address: DDE974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC4556h 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F7524DC4546h 0x00000015 jmp 00007F7524DC4553h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE974 second address: DDE978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE978 second address: DDE97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE428C second address: DE42A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A432h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE42A6 second address: DE42AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE42AC second address: DE42B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3AF1 second address: DE3AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3AF5 second address: DE3B0F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7524C2A426h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d je 00007F7524C2A426h 0x00000013 js 00007F7524C2A426h 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B0F second address: DE3B25 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524DC454Ch 0x00000008 js 00007F7524DC4546h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F7524DC4546h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B25 second address: DE3B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B29 second address: DE3B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3CAE second address: DE3CF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Dh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F7524C2A431h 0x0000000f jmp 00007F7524C2A438h 0x00000014 js 00007F7524C2A426h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE776C second address: DE7787 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78BF second address: DE78C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78C8 second address: DE78D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78D9 second address: DE790C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524C2A426h 0x0000000a popad 0x0000000b jbe 00007F7524C2A432h 0x00000011 jnc 00007F7524C2A426h 0x00000017 jo 00007F7524C2A426h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7524C2A432h 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE790C second address: DE7923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7D19 second address: DE7D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F7524C2A42Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7D30 second address: DE7D49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4555h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE8052 second address: DE8056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9C7C second address: DE9CDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4555h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 je 00007F7524DC4546h 0x00000017 popad 0x00000018 jmp 00007F7524DC454Bh 0x0000001d jmp 00007F7524DC4556h 0x00000022 pushad 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 jmp 00007F7524DC4550h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0B77 second address: DF0B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E1E second address: DF0E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F7524DC454Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E31 second address: DF0E67 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F7524C2A426h 0x00000009 jmp 00007F7524C2A439h 0x0000000e pop edx 0x0000000f jl 00007F7524C2A428h 0x00000015 push edi 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push ecx 0x0000001a je 00007F7524C2A432h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E67 second address: DF0E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1960 second address: DF1965 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1C83 second address: DF1C93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1C93 second address: DF1C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F7524C2A426h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA418 second address: DFA41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA41E second address: DFA445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F7524C2A430h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7524C2A42Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA445 second address: DFA464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F7524DC4546h 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA827 second address: DFA82B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC25 second address: DFAC2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC2B second address: DFAC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC2F second address: DFAC33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5A second address: E04F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5E second address: E04F6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F6F second address: E04F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F7A second address: E04FA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4551h 0x00000007 jnp 00007F7524DC4546h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7524DC454Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04FA8 second address: E04FAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04FAC second address: E04FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0312E second address: E0316F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A434h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007F7524C2A438h 0x00000010 popad 0x00000011 push ebx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 je 00007F7524C2A426h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0316F second address: E03173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03173 second address: E03190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jne 00007F7524C2A430h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03190 second address: E031B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7524DC4546h 0x0000000a jng 00007F7524DC4546h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F7524DC454Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E031B0 second address: E031C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jnp 00007F7524C2A426h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03703 second address: E03736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F7524DC4552h 0x0000000b jp 00007F7524DC4546h 0x00000011 jno 00007F7524DC4546h 0x00000017 popad 0x00000018 jp 00007F7524DC4552h 0x0000001e jo 00007F7524DC4546h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B38 second address: E03B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A435h 0x00000009 pop edx 0x0000000a jmp 00007F7524C2A42Eh 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B68 second address: E03B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B6C second address: E03B77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E05 second address: E03E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7524DC4546h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007F7524DC4555h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F7524DC4555h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E44 second address: E03E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CC7 second address: E08CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CCE second address: E08CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F7524C2A426h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CDA second address: E08CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CEA second address: E08CEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C295 second address: E0C299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C299 second address: E0C2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7524C2A42Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC76 second address: E0BC7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC7A second address: E0BC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC80 second address: E0BCA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F7524DC4555h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BDE3 second address: E0BDFB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F7524C2A430h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BF8D second address: E0BF97 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524DC454Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1763A second address: E1766A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F7524C2A42Ch 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1766A second address: E1766E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1766E second address: E17672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17672 second address: E17688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 je 00007F7524DC4546h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1723C second address: E17243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17243 second address: E1724D instructions: 0x00000000 rdtsc 0x00000002 je 00007F7524DC454Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17383 second address: E1738A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1738A second address: E17391 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1AF38 second address: E1AF3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22ED7 second address: E22EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7524DC454Eh 0x00000010 jmp 00007F7524DC454Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22EFD second address: E22F12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F12 second address: E22F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7524DC4553h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F7524DC4546h 0x00000013 jmp 00007F7524DC4556h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BC5 second address: E36BCF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BCF second address: E36BE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 jng 00007F7524DC454Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BE9 second address: E36BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F7524C2A438h 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F7524C2A426h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BFD second address: E36C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3552D second address: E35546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7524C2A431h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356B1 second address: E356B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356B9 second address: E356BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356BD second address: E356C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35816 second address: E3581C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3597C second address: E3599C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7524DC4548h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007F7524DC4550h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3599C second address: E359A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F7524C2A426h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B38 second address: E35B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B3C second address: E35B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7524C2A437h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B5E second address: E35B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B64 second address: E35B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B6F second address: E35B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7524DC4546h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35DF1 second address: E35E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35E03 second address: E35E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35E07 second address: E35E39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A436h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F7524C2A433h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E368F9 second address: E36902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36902 second address: E3691B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A435h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F100 second address: E4F106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D132 second address: E5D14E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524C2A436h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F469 second address: E5F47E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7524DC4548h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F47E second address: E5F488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F488 second address: E5F48E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F48E second address: E5F493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783A7 second address: E783B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783B7 second address: E783F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F7524C2A42Ch 0x0000000b popad 0x0000000c pushad 0x0000000d jp 00007F7524C2A428h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007F7524C2A437h 0x0000001a push eax 0x0000001b push edx 0x0000001c jnc 00007F7524C2A426h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783F1 second address: E783FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E786CD second address: E786D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E786D3 second address: E78703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7524DC4552h 0x0000000a push edi 0x0000000b jmp 00007F7524DC4556h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78847 second address: E7884B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78CE0 second address: E78CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78F8A second address: E78F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D308 second address: E7D30C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D30C second address: E7D324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnp 00007F7524C2A426h 0x00000011 jl 00007F7524C2A426h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D324 second address: E7D340 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524DC4557h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D579 second address: E7D5BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edx, dword ptr [ebp+12485C43h] 0x00000010 push 00000004h 0x00000012 mov dword ptr [ebp+122D1E80h], eax 0x00000018 call 00007F7524C2A429h 0x0000001d jl 00007F7524C2A43Dh 0x00000023 push edi 0x00000024 jmp 00007F7524C2A435h 0x00000029 pop edi 0x0000002a push eax 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D5BD second address: E7D5D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D5D0 second address: E7D5DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7E8 second address: E7D7FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC454Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7FE second address: E7D802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D802 second address: E7D80F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F240 second address: E7F24B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D57 second address: E80D73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC4552h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D73 second address: E80D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D77 second address: E80D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7524DC4546h 0x0000000f jng 00007F7524DC4546h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AA6E second address: D8AA78 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524C2A42Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AA78 second address: D8AA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F7524DC454Ch 0x0000000e jnc 00007F7524DC4546h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AC45 second address: D8AC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD3F87 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD3FB8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D8691D instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 5796

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1726083406.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726083406.0000000001593000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BB5BB0 LdrInitializeThunk,

0_2_00BB5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/badges	100%	URL Reputation	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
sergei-esenin.com	104.21.53.8	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
studennotediw.store	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
eaglepawnoy.store	true	unknown
bathdoomgaz.store	true	unknown
clearancek.site	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
mobbipenju.store	true	unknown
https://sergei-esenin.com/api	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://player.vimeo.com	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://eaglepawnoy.store:443/api	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq~	file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://licendfilteo.site:443/api	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.st	file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am	file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site/api	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com:443/api	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900h6DG	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apii	file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj	file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=	file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/	file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en	file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/api	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site:443/apiapi	file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900/badges	file.exe, 00000000.00000002.1726248405.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.53.8	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538235
Start date and time:	2024-10-20 21:14:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
15:15:00	API Interceptor	3x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.53.8	file.exe	Get hash	malicious	LummaC	Browse
	WinFIG.exe	Get hash	malicious	LummaC	Browse
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse
	Download.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	cH4EGgNUR7.exe	Get hash	malicious	LummaC	Browse
	6FecO9d3l9.exe	Get hash	malicious	LummaC	Browse
	S3AYU5t2JP.exe	Get hash	malicious	LummaC, Amadey, Stealc	Browse
	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	Download.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Unlock_Tool_2.3.1.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Download.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	G9e272AEyo.exe	Get hash	malicious	Unknown	Browse	104.26.1.5
	oMBUxRQ4cj.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	sims-4-updater-v1.3.4.exe	Get hash	malicious	Unknown	Browse	172.67.75.40
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	RFQ_PO-GGA7765JK09_MATERIALS_SPECIFICATIONS.scr.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	104.26.12.205
	9XHFe6y4Dj.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	bin.i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	23.218.148.10
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Unlock_Tool_2.3.1.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Download.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	Download.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	Aquantia.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.551734703748963
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'028'480 bytes
MD5:	4f7d940e5a6e1a752310810ed5e48d90
SHA1:	6d600a018c09d0c27b6fb0a1115a8b734f071274
SHA256:	cabc120fdab47adca73614a9d78ba234c67d664dccce4998a89db47ecb856a3d
SHA512:	7a7d949de2061b66e9fefef70b127fdcfbabd0c2a13541ac8888945945bd0aa3450c698c661a3117b1de8c2db38bc0b4b0dd6eb36088dc6d33afffe50b6dc10a
SSDEEP:	49152:emHW06CFtMDuvKvdia4qDA3hYPdh1zNrTSl+Sm95Z7M:VHW09FtMDuvmI7ZxYPdhh9TSE395Zo
TLSH:	3BE55C92F50971DFE48E26B84A2BCD816D5D43B94B1288C39F6C74FA7E67CC112B6C24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................1...........@...........................1...........@.................................W...k..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x71b000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F7524B3A1EAh
unpcklps xmm5, dqword ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
jnle 00007F7524B3A162h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop ebp
add dword ptr [eax], eax
add byte ptr [eax+eax], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	f27557470f13c458b526f9ad3f288995	False	0.9996261344884488	data	7.979276920550064	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xkhaisln	0x60000	0x2ba000	0x2ba000	a08c4a1dc5a4ac4e604a9b21c1a3e9e6	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rfekvyib	0x31a000	0x1000	0x400	783d2b6dde951f0843cd06e4ff0db661	False	0.7255859375	data	5.80170115213553	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x31b000	0x3000	0x2200	e745cb1a67a1a7e54873bada897b9469	False	0.06950827205882353	DOS executable (COM)	0.7987879341547207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-20T21:15:01.318335+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.4	56852	1.1.1.1	53	UDP
2024-10-20T21:15:01.339007+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.4	59705	1.1.1.1	53	UDP
2024-10-20T21:15:01.353214+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.4	54991	1.1.1.1	53	UDP
2024-10-20T21:15:01.365233+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.4	54147	1.1.1.1	53	UDP
2024-10-20T21:15:01.381405+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.4	57124	1.1.1.1	53	UDP
2024-10-20T21:15:01.394214+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.4	61700	1.1.1.1	53	UDP
2024-10-20T21:15:01.409484+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.4	60253	1.1.1.1	53	UDP
2024-10-20T21:15:01.422441+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.4	51101	1.1.1.1	53	UDP
2024-10-20T21:15:03.519719+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49730	104.102.49.254	443	TCP
2024-10-20T21:15:04.507897+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49731	104.21.53.8	443	TCP
2024-10-20T21:15:04.507897+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49731	104.21.53.8	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 21:15:01.451098919 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:01.451181889 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:01.451301098 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:01.454436064 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:01.454472065 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:02.529988050 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:02.530124903 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:02.587625027 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:02.587660074 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:02.587963104 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:02.632976055 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:02.860508919 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:02.903420925 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.519714117 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.519737005 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.519777060 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.519790888 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.519820929 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.519953966 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.519953966 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.519992113 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.520060062 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.540559053 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.540575027 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.540682077 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.540703058 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.540765047 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.548736095 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.548772097 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.548856020 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.550054073 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 20, 2024 21:15:03.550097942 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 20, 2024 21:15:03.571202993 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:03.571244955 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:03.571343899 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:03.571818113 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:03.571835041 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.339173079 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.339416027 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:04.342999935 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:04.343013048 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.343280077 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.344988108 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:04.345031977 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:04.345057964 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.507694960 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.507752895 CEST	443	49731	104.21.53.8	192.168.2.4
Oct 20, 2024 21:15:04.507947922 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:04.507973909 CEST	49731	443	192.168.2.4	104.21.53.8
Oct 20, 2024 21:15:04.507988930 CEST	443	49731	104.21.53.8	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 21:15:01.318335056 CEST	56852	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.336854935 CEST	53	56852	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.339006901 CEST	59705	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.351435900 CEST	53	59705	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.353214025 CEST	54991	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.363828897 CEST	53	54991	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.365232944 CEST	54147	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.380028963 CEST	53	54147	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.381405115 CEST	57124	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.391223907 CEST	53	57124	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.394213915 CEST	61700	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.407279015 CEST	53	61700	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.409483910 CEST	60253	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.420109034 CEST	53	60253	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.422441006 CEST	51101	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.436142921 CEST	53	51101	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:01.437958956 CEST	62596	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:01.446398020 CEST	53	62596	1.1.1.1	192.168.2.4
Oct 20, 2024 21:15:03.554827929 CEST	53880	53	192.168.2.4	1.1.1.1
Oct 20, 2024 21:15:03.570264101 CEST	53	53880	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 20, 2024 21:15:01.318335056 CEST	192.168.2.4	1.1.1.1	0xf522	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.339006901 CEST	192.168.2.4	1.1.1.1	0xa909	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.353214025 CEST	192.168.2.4	1.1.1.1	0x9606	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.365232944 CEST	192.168.2.4	1.1.1.1	0x3f32	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.381405115 CEST	192.168.2.4	1.1.1.1	0x172d	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.394213915 CEST	192.168.2.4	1.1.1.1	0xa92	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.409483910 CEST	192.168.2.4	1.1.1.1	0xc897	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.422441006 CEST	192.168.2.4	1.1.1.1	0x328f	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.437958956 CEST	192.168.2.4	1.1.1.1	0xb216	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:03.554827929 CEST	192.168.2.4	1.1.1.1	0xbb7a	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 20, 2024 21:15:01.336854935 CEST	1.1.1.1	192.168.2.4	0xf522	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.351435900 CEST	1.1.1.1	192.168.2.4	0xa909	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.363828897 CEST	1.1.1.1	192.168.2.4	0x9606	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.380028963 CEST	1.1.1.1	192.168.2.4	0x3f32	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.391223907 CEST	1.1.1.1	192.168.2.4	0x172d	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.407279015 CEST	1.1.1.1	192.168.2.4	0xa92	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.420109034 CEST	1.1.1.1	192.168.2.4	0xc897	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.436142921 CEST	1.1.1.1	192.168.2.4	0x328f	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:01.446398020 CEST	1.1.1.1	192.168.2.4	0xb216	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:03.570264101 CEST	1.1.1.1	192.168.2.4	0xbb7a	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false
Oct 20, 2024 21:15:03.570264101 CEST	1.1.1.1	192.168.2.4	0xbb7a	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.102.49.254	443	6568	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 19:15:02 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-20 19:15:03 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sun, 20 Oct 2024 19:15:03 GMT Content-Length: 34508 Connection: close Set-Cookie: sessionid=5e3eaa2b7732a919646c440a; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=None
2024-10-20 19:15:03 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-20 19:15:03 UTC	16384	IN	Data Raw: 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 Data Ascii: etY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	104.21.53.8	443	6568	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 19:15:04 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-20 19:15:04 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life

Target ID:	0
Start time:	15:14:59
Start date:	20/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xb70000
File size:	3'028'480 bytes
MD5 hash:	4F7D940E5A6E1A752310810ED5E48D90
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	56.2%
Total number of Nodes:	48
Total number of Limit Nodes:	6

Executed Functions

Function 00BB50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00BB5182

Strings

<I$), xrefs: 00BB5198
@^, xrefs: 00BB5120
<I$), xrefs: 00BB52E3

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 048b2b20e29de75e6b1992b7fde154f3e35c48ddd5a9dd70d0e1beed9bc0c3d9
Instruction ID: bf4496d45fd5ed771e2d38a52ae7cae09b95f6c321c80aad139dfd3c2caa626d
Opcode Fuzzy Hash: 048b2b20e29de75e6b1992b7fde154f3e35c48ddd5a9dd70d0e1beed9bc0c3d9
Instruction Fuzzy Hash: 2C2181351083848FC310DF68E891B6AB7F4AB9A300FA9882CE1C5E7351DB75D955CB56

Function 00B7FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 00B7FEDC
VY^_, xrefs: 00B7FDFF
J|BJ, xrefs: 00B8000D
t, xrefs: 00B7FCBE

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: ed80554b10640da5e0b45a8bbfced40186df14feb022f0763c798bbb271f096d
Instruction ID: 37125f4ccbf27df65d20d7a45a5e937a76234774b71954dcef37eddbe25833f2
Opcode Fuzzy Hash: ed80554b10640da5e0b45a8bbfced40186df14feb022f0763c798bbb271f096d
Instruction Fuzzy Hash: F6D1897451C3819BD310EF148494A2FBBE1EF96B84F18889CF4D99B262C735CD09DB96

Function 00B7D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00B7D2F1

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 75d0d660bb24633071a74c2741c6a8242b224103c86625c7d5baa4d93f10434c
Instruction ID: e3d227f473b6dd198a24c998757a6d5db1f363abb0f3571ebcaf9520abd26489
Opcode Fuzzy Hash: 75d0d660bb24633071a74c2741c6a8242b224103c86625c7d5baa4d93f10434c
Instruction Fuzzy Hash: FD41257040D340ABD301BB68D584A2EFBF5EF52784F548C8CE5D8AB252C335D8159B6B

Function 00BB5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00BB973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00BB5BDE

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00BB695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00BB69C5

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: b5788f891cdc4056567faaf156cdd79f2bb9d7c82e708111df69d653c392255a
Instruction ID: 0d2b343283484ba2b18ba3f6a7dd2d28fa7f4f6e0ddaf09fb289a43ce8d254bd
Opcode Fuzzy Hash: b5788f891cdc4056567faaf156cdd79f2bb9d7c82e708111df69d653c392255a
Instruction Fuzzy Hash: E83198B15083018FDB18DF14C8A0B7AB7F1EF98344F44986CE5C6A7261E7B89944CB56

Function 00B8049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170ba52041bba69f1398c4e8543a6c21ac96e02754ac4e33d22b8ee287999a54
Instruction ID: 6f8517212144554a65979912a99061bd1a5567793a4a4895024f280f1c3e2f40
Opcode Fuzzy Hash: 170ba52041bba69f1398c4e8543a6c21ac96e02754ac4e33d22b8ee287999a54
Instruction Fuzzy Hash: 06919A75200B01CFD724DF25EC94A27B7F6FF89310B158AACE8568BAA1DB70E815CB50

Function 00B80228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d429e18ea56e56fd52ac0a412dfa9a47d6b670fe7e2b28d4543fe677f38f3410
Instruction ID: 2707a08f19441ba4511da62f172be7c4729631fc6d6b75ae11973bb4ae3e6082
Opcode Fuzzy Hash: d429e18ea56e56fd52ac0a412dfa9a47d6b670fe7e2b28d4543fe677f38f3410
Instruction Fuzzy Hash: 2C717B74200701DFD724AF21EC94B26B7F6FF89315F5489ACE8468B662CB71A815CB50

Function 00BB99D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7310729075f5667b9a25f9dd749c003ca6bb3a59dd5e44730740ccdbee84adbc
Instruction ID: fd1cd8f07877d3598885c8cf6ca4fdf48c1e1844bda592832b2947e05e7a4a6c
Opcode Fuzzy Hash: 7310729075f5667b9a25f9dd749c003ca6bb3a59dd5e44730740ccdbee84adbc
Instruction Fuzzy Hash: 13419034208300ABDB24DF15D890B7FBBE5EB85714F2488ACF68997251D3B1EC51CB62

Function 00BB63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a4013dcf40cccc03147ee9c4d30115b75c62ee78734fc0787e17fc01af7baebd
Instruction ID: 480cbfccb9ce810b26eeea30b5143a5e008164a5e299741e4d4c77d79c533a2c
Opcode Fuzzy Hash: a4013dcf40cccc03147ee9c4d30115b75c62ee78734fc0787e17fc01af7baebd
Instruction Fuzzy Hash: 1B31DF70249301BBDA24DB08CD82F7AB7E1FB84B11F688558F1C15B2E1D7B4AC518B56

Function 00B80EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca87a4c89ea8e35cda0e8d5d56517bc89c63875f11ac0ae48b6ddea0747dd42b
Instruction ID: 532b8d983ffca5a193b400aef2c1aa16c2460b0c2ad5a5b149b792f3bbd3acca
Opcode Fuzzy Hash: ca87a4c89ea8e35cda0e8d5d56517bc89c63875f11ac0ae48b6ddea0747dd42b
Instruction Fuzzy Hash: F8213AB491021A9FEB15DF94CC90BBEBBB1FF4A304F144858E911BB392C735A905CB64

Function 00BB3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00BB32A6

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5e9019d4bd2ca23184d1d4766ec4fd7ad2b898fd11f7580fdeb8c76fffcb3b0c
Instruction ID: d3b92789725fb993f9441e7c84953d5a3ed7d75b18a1cecc678b8454d994c0c9
Opcode Fuzzy Hash: 5e9019d4bd2ca23184d1d4766ec4fd7ad2b898fd11f7580fdeb8c76fffcb3b0c
Instruction Fuzzy Hash: DF016D3450D3409BC701EF18E845E2ABBE8EF8AB00F45885CE5C59B361D735DD60CB96

Function 00BB3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00BB3208

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 06bf6772c44fc414fab93c16349c698b14cebd31e79c109aced90da962a62abb
Instruction ID: 544a88c3d3b19802fbaf96206fe9aadd75ba6f685e21c2996078d2b48c5a9990
Opcode Fuzzy Hash: 06bf6772c44fc414fab93c16349c698b14cebd31e79c109aced90da962a62abb
Instruction Fuzzy Hash: 7BB012341400005FDA041B00EC0AF003510EB00605F800060A100050B1D5719C64C554

Non-executed Functions

Function 00B8DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

QNOL, xrefs: 00B8E775
lkji, xrefs: 00B8E73E
|, xrefs: 00B8ECB1
<=:;, xrefs: 00B8E930
xgfe, xrefs: 00B8E71D
89&', xrefs: 00B8E93B
D, xrefs: 00B8E846
<=2, xrefs: 00B8EA01
89>?, xrefs: 00B8E9F6
tuJK, xrefs: 00B8E967
()./, xrefs: 00B8E9CA
dcba, xrefs: 00B8E728
tsrq, xrefs: 00B8E6FC
WP, xrefs: 00B8DCEF
LKJI, xrefs: 00B8E6E6
:WUE, xrefs: 00B8F6B7, 00B8F6C6
@ONM, xrefs: 00B8E6DB
`Y^_, xrefs: 00B8E99E
`onm, xrefs: 00B8E733
T, xrefs: 00B8F157
%*+(, xrefs: 00B8DE37, 00B8DE46
AR, xrefs: 00B8DD10
mjkh, xrefs: 00B8E7D8
DCBA, xrefs: 00B8E887, 00B8E896

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 0e24c5289ac8131989e722caeaa8578a8080a528bc4a052fba279a0258efcf28
Instruction ID: d6c5372ba5ac9b100c16b5e9e684208ec783622558b0b38802e045c27fa71bd9
Opcode Fuzzy Hash: 0e24c5289ac8131989e722caeaa8578a8080a528bc4a052fba279a0258efcf28
Instruction Fuzzy Hash: D9F27AB05093829BD770DF14C884BABBBE2FFD5304F1448ADE4D99B2A1DB719984CB52

Function 00BA23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

{l`~, xrefs: 00BA268C
fedc, xrefs: 00BA2782
:, xrefs: 00BA32DD
Cx, xrefs: 00BA453D
ggxz, xrefs: 00BA2685
`tii, xrefs: 00BA2693
3<, xrefs: 00BA32D6
%*+(, xrefs: 00BA40EF
f@~!, xrefs: 00BA25FF
aenQ, xrefs: 00BA276A
mlc@, xrefs: 00BA275C
|}&C, xrefs: 00BA2F21

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: 20c4a290d50166215c1311bae07c2698de732b63a75c6959cfc0bca6b927b1c5
Instruction ID: 72d936d383b14390f4d793fe84b90564531e8328a09ade8f30ce03a106a7309f
Opcode Fuzzy Hash: 20c4a290d50166215c1311bae07c2698de732b63a75c6959cfc0bca6b927b1c5
Instruction Fuzzy Hash: DF338A70508B818BD7258F38C590B62BBE1FF57304F58899DE4DA8BB92C735E906CB61

Function 00B99F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

?m,o, xrefs: 00B9A13C
]{, xrefs: 00B9A1E7, 00B9A1F3
(a*c, xrefs: 00B9A147
WH, xrefs: 00B9AA1C
sm, xrefs: 00B9A830
=], xrefs: 00B9A36A
_Y, xrefs: 00B9A641
WQ, xrefs: 00B9A62B
CG, xrefs: 00B9AA32
S], xrefs: 00B9A636
hi, xrefs: 00B9AB9D
N[, xrefs: 00B9A375
JG, xrefs: 00B9AA27
Gt, xrefs: 00B99FF8
/), xrefs: 00B9A66D
%e6g, xrefs: 00B9A152
kW, xrefs: 00B9A380

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 733ad684322903740e26d00cafc87cde26cc6422d32025ebe7edb2d953db5c0e
Instruction ID: a5ab473dc34de91ea0424cf0d310fe307aa0e4cb13f4aa3cfd251cda4f57c21e
Opcode Fuzzy Hash: 733ad684322903740e26d00cafc87cde26cc6422d32025ebe7edb2d953db5c0e
Instruction Fuzzy Hash: BC52B6B454D3858AE270CF25D581B8EBAF1BB92740F608A2DE1ED9B255DBB08045CF93

Function 00B99510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

T#a-, xrefs: 00B99AE3
2A"_, xrefs: 00B99980
?M0K, xrefs: 00B99968
X/R), xrefs: 00B99AEB
B?Q9, xrefs: 00B99B0B
z=Q?, xrefs: 00B99826
,A&C, xrefs: 00B9982E
L3Y=, xrefs: 00B99B03
!E4G, xrefs: 00B99836
B7U1, xrefs: 00B99AFB
G'M!, xrefs: 00B99ADB
;IJK, xrefs: 00B9983E
G+X5, xrefs: 00B99AF3
8;, xrefs: 00B99B13
O+f), xrefs: 00B99634, 00B9963D
pq, xrefs: 00B999E0

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 661602c7be444d18594859c184127cef479fc815862fd99a4e842b40a9c9cf79
Instruction ID: ed3a01d777659505dde20e4bd83b71df3cad0c7211ef51f2d5fb813908be6b8a
Opcode Fuzzy Hash: 661602c7be444d18594859c184127cef479fc815862fd99a4e842b40a9c9cf79
Instruction Fuzzy Hash: 37F141B0518380ABDB10DF19D881A2BBBF4FB8AB44F044D6CF4D99B252D374D944CB96

Function 00B9DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

hX]N, xrefs: 00B9DDC7
{E, xrefs: 00B9E323
=]+_, xrefs: 00B9E276
-M2O, xrefs: 00B9E25A
upH}, xrefs: 00B9DE8A, 00B9E798, 00B9DF4A
,Q?S, xrefs: 00B9E26F
Y9N;, xrefs: 00B9E245
%*+(, xrefs: 00B9E143
<Y.[, xrefs: 00B9E27D
n\+H, xrefs: 00B9DDC0
)IgK, xrefs: 00B9E261

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: da1cfb495ddead6eb4bfa62b71400724e25b5dbccd115716a6c48aaf9b5e1633
Instruction ID: a18db9dd414e98cab1b0b8ad26654c38bd21be250733a6a661f9d9f89e4c921e
Opcode Fuzzy Hash: da1cfb495ddead6eb4bfa62b71400724e25b5dbccd115716a6c48aaf9b5e1633
Instruction Fuzzy Hash: FF92B071E00205CFDB14CF68D891AAEBBF2FF4A310F1985A9E455AB392D735AD41CB90

Function 00D42ACB Relevance: 11.6, Strings: 8, Instructions: 1646COMMON

Download Yara Rule

Strings

Hng, xrefs: 00D43565
xZ1n, xrefs: 00D43AF3
gmh~, xrefs: 00D42DC6
zU_, xrefs: 00D42ECA
p5J, xrefs: 00D43234
7q>C, xrefs: 00D43DD2
@T~, xrefs: 00D4383C
>u_, xrefs: 00D43725

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: 7q>C$Hng$gmh~$p5J$xZ1n$zU_$>u_$@T~
API String ID: 0-3677310213
Opcode ID: 37bb6f49382538f81eb6b2844c330a7263fa2797f40ab883f50745e3793ec95a
Instruction ID: d94a3f2a72a435e34690c7d01ae119f372942e5f5753b21ace3cfe4cc1ada285
Opcode Fuzzy Hash: 37bb6f49382538f81eb6b2844c330a7263fa2797f40ab883f50745e3793ec95a
Instruction Fuzzy Hash: 5AB226F360C2049FE7086E2DEC8567AFBE9EF94720F1A463DE6C487744EA3558018796

Function 00B9098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

cah`, xrefs: 00B9107E
qrqp, xrefs: 00B91089
gce/, xrefs: 00B91073
9.5^, xrefs: 00B90F9F
{, xrefs: 00B91502
,#15, xrefs: 00B90F94
&> &, xrefs: 00B90F89
%*+(, xrefs: 00B90A77, 00B90A86

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: c585522fe3647aac4b5c62cd919086531b22248ef67b2bc9a4b131dacedd3ecc
Instruction ID: 260fb8650a5d3d03d1f2a115be6ac32594819ac498d937f672550dae8e5a5214
Opcode Fuzzy Hash: c585522fe3647aac4b5c62cd919086531b22248ef67b2bc9a4b131dacedd3ecc
Instruction Fuzzy Hash: E96297B16183818FDB309F18C891BABBBE1FF96314F084D6DE49A8B641E7759940CB53

Function 00B71000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B72226
0123456789abcdefxp, xrefs: 00B71587, 00B715F8
gfff, xrefs: 00B72297
-, xrefs: 00B721ED
0123456789ABCDEFXP, xrefs: 00B7157D, 00B715EB
gfff, xrefs: 00B722E1
@, xrefs: 00B72C40

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 009b1c5eb1c7b9cbe58526f19e070da6415a2111a9b0a83c19f2077e0ffee2b6
Instruction ID: 2b7c11251b8e83258d0987ad03908d76c9a4d02b223cc248b37f64848d654284
Opcode Fuzzy Hash: 009b1c5eb1c7b9cbe58526f19e070da6415a2111a9b0a83c19f2077e0ffee2b6
Instruction Fuzzy Hash: 97D2E0716083418FD718CF2CC89436ABBE2EBD5314F18CAADE4A98B391D774D945CB92

Function 00D46115 Relevance: 10.4, Strings: 7, Instructions: 1615COMMON

Download Yara Rule

Strings

!Vk=, xrefs: 00D46640
7_, xrefs: 00D46A4C
hy/., xrefs: 00D46B08
hy/., xrefs: 00D46AFD
St_, xrefs: 00D468A7
tXGz, xrefs: 00D46B8A
emw, xrefs: 00D4614F

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: !Vk=$7_$St_$emw$hy/.$hy/.$tXGz
API String ID: 0-662118719
Opcode ID: aab95f38da7bc73b155f9f0e667ecd976913b00beb70fb2f2f41906a3dc77f82
Instruction ID: 90805c29b6c9f6b3f31082275cbb6236692e3f158f1e96e7ed7cde37b6d0d2f8
Opcode Fuzzy Hash: aab95f38da7bc73b155f9f0e667ecd976913b00beb70fb2f2f41906a3dc77f82
Instruction Fuzzy Hash: 38B2D6F36086049FE3047E2DEC8577AF7E9EF94320F1A4A3DEAC487744EA3558058696

Function 00D4EA67 Relevance: 9.2, Strings: 6, Instructions: 1664COMMON

Download Yara Rule

Strings

oGfl, xrefs: 00D4F091
b?W, xrefs: 00D4ED2E
i/i, xrefs: 00D4F6ED
5_u, xrefs: 00D4F489
{(5O, xrefs: 00D4F7E0
;ye, xrefs: 00D4F77B

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: i/i$5_u$;ye$b?W$oGfl${(5O
API String ID: 0-1528190874
Opcode ID: 913947b9510bd514bb1ec8115c08084b0732f23d1bc9908304e5b0d74364ab0d
Instruction ID: 340b0884c409198a12b578b384a864d81046da6b2bc57d994e23b2fdd17172d1
Opcode Fuzzy Hash: 913947b9510bd514bb1ec8115c08084b0732f23d1bc9908304e5b0d74364ab0d
Instruction Fuzzy Hash: B9B228F3A0C210AFE304AE2DEC8577ABBD9EF94720F1A453DE6C4C7744EA3558058696

Function 00D4986D Relevance: 9.1, Strings: 6, Instructions: 1640COMMON

Download Yara Rule

Strings

<F}, xrefs: 00D4996C
rWFc, xrefs: 00D49D0D
Wo, xrefs: 00D49E9A
l,?v, xrefs: 00D4A78B
Iy5, xrefs: 00D4AB84
'Iw, xrefs: 00D4A8E5

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: Wo$'Iw$<F}$l,?v$rWFc$Iy5
API String ID: 0-3820130604
Opcode ID: 0d1c0aed4a2bc1010d413d4d4d8a4cdabb02f766df9f829cbea0bceeffc732d6
Instruction ID: 10a5f5241f195be5a35a82d24724684f566e2272c90180cecf393b5dee8f015e
Opcode Fuzzy Hash: 0d1c0aed4a2bc1010d413d4d4d8a4cdabb02f766df9f829cbea0bceeffc732d6
Instruction Fuzzy Hash: 59B229F36082009FE704AE2DEC8567ABBE9EFD4720F1A853DEAC4C7744E63558058697

Function 00D44628 Relevance: 7.9, Strings: 5, Instructions: 1658COMMON

Download Yara Rule

Strings

;k$, xrefs: 00D44B6A
NgU, xrefs: 00D45797
M'}, xrefs: 00D44B33
s5K, xrefs: 00D44A1F
cd[W, xrefs: 00D44C3B

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: M'}$NgU$cd[W$s5K$;k$
API String ID: 0-226469906
Opcode ID: fc1f5d28396961517e856f3f1b7a36855e93e2a1a8887c3d4353626c62fcd363
Instruction ID: 2151a499fc09e393b620e343b5004e5ce1842f5205b617acabb109408f4e4cb1
Opcode Fuzzy Hash: fc1f5d28396961517e856f3f1b7a36855e93e2a1a8887c3d4353626c62fcd363
Instruction Fuzzy Hash: 94B229F3A0C2049FE3046E2DEC8567ABBE9EFD4720F1A453DEAC4C7744EA3558058696

Function 00B712F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

0, xrefs: 00B71E88
@, xrefs: 00B73531
0, xrefs: 00B71DC1
i, xrefs: 00B728EA
0, xrefs: 00B7243E

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 3bec9dfcd4422308fefecae4dab54f6e41479daf98baf7e27a902bd37d8d194f
Instruction ID: 98b025cb1cd5c20b3744c1765576256d59864886f166c306d274bdbeadd5334a
Opcode Fuzzy Hash: 3bec9dfcd4422308fefecae4dab54f6e41479daf98baf7e27a902bd37d8d194f
Instruction Fuzzy Hash: 8562AD7160C3818BD319CF28C49076ABBE1EF95304F18CAADE8E997291D774D949CB92

Function 00B7164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B71F57
gfff, xrefs: 00B71F3C
0123456789abcdefxp, xrefs: 00B71659
+, xrefs: 00B71573
0123456789ABCDEFXP, xrefs: 00B7164F

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 4bfef9a6bd2daa7b47ea30b64f6a7584b92b846b8e64e97215309cb31a3375c2
Instruction ID: f63adc1f01f8e304fc4099576eaa29e17e8f3ef0d1dab955a6800e1f36a7dd5a
Opcode Fuzzy Hash: 4bfef9a6bd2daa7b47ea30b64f6a7584b92b846b8e64e97215309cb31a3375c2
Instruction Fuzzy Hash: 88F18F3160C3818FC719CF29C49426AFBE2ABD9304F18CAADE4E987356D774D945CB92

Function 00B713A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B71F57
gfff, xrefs: 00B71F3C
0123456789abcdefxp, xrefs: 00B713AD
0123456789ABCDEFXP, xrefs: 00B713A3
-, xrefs: 00B71F23

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 17fc4b8b0d31edf4aa39e23cada306bdc2ceab34475f451845550c6b7f1b4640
Instruction ID: 20c04838d2d68670da466d030429f7b1a651bc35be69cd713d27c351423cae7e
Opcode Fuzzy Hash: 17fc4b8b0d31edf4aa39e23cada306bdc2ceab34475f451845550c6b7f1b4640
Instruction Fuzzy Hash: AFD17D316087818FC719CF2DC49466AFBE2AFD9304F08CAADE4E987356D634D949CB52

Function 00D3F4C1 Relevance: 6.6, Strings: 4, Instructions: 1604COMMON

Download Yara Rule

Strings

A?w~, xrefs: 00D403BD
e#_, xrefs: 00D40784
wwoG, xrefs: 00D3FC12
I{, xrefs: 00D3FE89

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: A?w~$I{$e#_$wwoG
API String ID: 0-3079435887
Opcode ID: 9192ec12d240362303f25113d1c14d95e89c9a1522793fe8375c0c40df1a65ec
Instruction ID: 2371af6729495c54cf86044be5523fc91f8857becdbc3064874dffc4c510f915
Opcode Fuzzy Hash: 9192ec12d240362303f25113d1c14d95e89c9a1522793fe8375c0c40df1a65ec
Instruction Fuzzy Hash: 57B2F8F3A0C2049FE7046E2DEC8567ABBE5EFD4720F16893DEAC4C7744E63598018696

Function 00B9FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

:, xrefs: 00BA0087
uvw, xrefs: 00B9FE95
m1s3, xrefs: 00B9FEC3, 00B9FECB
NA_I, xrefs: 00BA036D

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: b4f21da8ccafe68bdef56ce3844c73fba7225b46b540529a3cdb3d90da799dc3
Instruction ID: 0fd59897da48abe9399e5ec2e02b412848b4a9d6bbd31704d28d65af670eee70
Opcode Fuzzy Hash: b4f21da8ccafe68bdef56ce3844c73fba7225b46b540529a3cdb3d90da799dc3
Instruction Fuzzy Hash: 2732A8B051C381DFD310EF29D880A2ABBE1EB8A310F144DACF5E59B2A2D735D955CB52

Function 00B83BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

p, xrefs: 00B83C80
ss, xrefs: 00B83C79
;z, xrefs: 00B83C87
%*+(, xrefs: 00B83EC4

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: ece072672d6274b572dd0809318ec45778ee19011082602b61b57831ba633303
Instruction ID: 4c06a4e89a72628a2dbd20721cc9236cf2d53e2fb9ea0d8486cd2986bcf1cea6
Opcode Fuzzy Hash: ece072672d6274b572dd0809318ec45778ee19011082602b61b57831ba633303
Instruction Fuzzy Hash: 08026CB4810700DFD760EF24D986B56BFF4FB05701F50899DE89A9B656E330E858CBA2

Function 00D4B41A Relevance: 5.4, Strings: 3, Instructions: 1656COMMON

Download Yara Rule

Strings

WN{<, xrefs: 00D4BA01
_U, xrefs: 00D4B89F
7%7, xrefs: 00D4C42B

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: 7%7$WN{<$_U
API String ID: 0-580250108
Opcode ID: 8be4084fe46fd383ba7b124b91a207862ffd8fc818b7959df873fed4b2361e46
Instruction ID: 386f983c6684b59487a5de7c1eed929b8b0a41a8e56f5c8ab12ea6c27e6e1ca2
Opcode Fuzzy Hash: 8be4084fe46fd383ba7b124b91a207862ffd8fc818b7959df873fed4b2361e46
Instruction Fuzzy Hash: B4B218F3A0C2149FE3046E2DEC8567ABBE9EF94720F16493DEAC4C7744EA3558018697

Function 00B92260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

lc, xrefs: 00B92507
hu, xrefs: 00B9232F
a|, xrefs: 00B92317
sj, xrefs: 00B92327

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 6df6af9f823e71855f205e37d334212e6ae4c9df51bbbf5cdf628e63374b18c5
Instruction ID: 30ae73f724305866a8f498f6e9583b5836c0ed3b859a866636557544326e9093
Opcode Fuzzy Hash: 6df6af9f823e71855f205e37d334212e6ae4c9df51bbbf5cdf628e63374b18c5
Instruction Fuzzy Hash: 4DA19C748083419BCB20DF18C891A2BB7F0FFA5754F148A5CE8D99B3A1E335D945CBA6

Function 00B9D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

KV, xrefs: 00B9D97D
#', xrefs: 00B9D9EA
T>, xrefs: 00B9D984
CV, xrefs: 00B9D98B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: bd9972e50d430b55f4edd4d1f28b34c6da10230b2c4946714a7ab1ec492dd5fc
Instruction ID: 84ba8684452ab8ed25f697a934c275e542b5ff74a8d0d9eb8642449fc7a16441
Opcode Fuzzy Hash: bd9972e50d430b55f4edd4d1f28b34c6da10230b2c4946714a7ab1ec492dd5fc
Instruction Fuzzy Hash: F18155B48017459BCB20EFA6D28516EBFB1FF16300F604A5CE4866BA55C330AA55CFE2

Function 00B9AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

lk, xrefs: 00B9ACBC
(g6e, xrefs: 00B9ACA1
4c2a, xrefs: 00B9ACA9
,{*y, xrefs: 00B9AD07, 00B9AD13

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: f759481951065e6ebe854f49882f9ad817aa7d5f5acee96c3834a99960fabe04
Instruction ID: efe21d5bd82ec23a14b590fbe173ab6913f20aa92ffc2c926ee21e551e7d575a
Opcode Fuzzy Hash: f759481951065e6ebe854f49882f9ad817aa7d5f5acee96c3834a99960fabe04
Instruction Fuzzy Hash: 6A4197B4408381CBDB209F24D900BABB7F0FF86305F5499ADE5C8A7261DB32D944CB96

Function 00B9C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B9C8C3, 00B9C8CB
%*+(, xrefs: 00B9C9E4, 00B9C9ED
~/i!, xrefs: 00B9C537

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: f86c57437b2ba147965073671998662b295d30e6d7218ac41ee02b2879d19871
Instruction ID: 2195a22f8683237738172fd207ea04bf79384249a4815fc9c0ec10fe2cca8733
Opcode Fuzzy Hash: f86c57437b2ba147965073671998662b295d30e6d7218ac41ee02b2879d19871
Instruction Fuzzy Hash: 69E187B5518340DFE7209F68D881B6ABBF5FB8A340F488C6CE5D997252DB31D810CB92

Function 00D3BF13 Relevance: 4.1, Strings: 2, Instructions: 1629COMMON

Download Yara Rule

Strings

e0My, xrefs: 00D3CA0A
W/n, xrefs: 00D3CB53

Memory Dump Source

Source File: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: W/n$e0My
API String ID: 0-1837988056
Opcode ID: c394ef84286e72b9f914577690958def5d7ed6d837e462586b51133a127c7e1e
Instruction ID: 82b50a5e54a0cc47b511a564946636665e0f02fa14a4d98ab4fd1b0ac4dc3472
Opcode Fuzzy Hash: c394ef84286e72b9f914577690958def5d7ed6d837e462586b51133a127c7e1e
Instruction Fuzzy Hash: 5EB229F360C2009FE7046E2DEC8567AFBE9EF94620F1A493DE6C5C7744EA3598018697

Function 00BB4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BB40A4, 00BB40AD
f, xrefs: 00BB420C

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: a9fb847448a0ca1836338530701c78c90f1ca9fb894c4f9e983c6f2620d80748
Instruction ID: a83c1e7a1e2379aec0c9987d3606d351c0177fb8e1773db86a103ed6670e89b7
Opcode Fuzzy Hash: a9fb847448a0ca1836338530701c78c90f1ca9fb894c4f9e983c6f2620d80748
Instruction Fuzzy Hash: 3112AD716083419FC715CF18C880B6EBBE5FB89314F188AADF4959B392D7B1E845CB92

Function 00BAF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 00BAF7F5
hi, xrefs: 00BAF6E6

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: a11cdce67ef9e22283d21c99ff97b2f9a2ca2b7ac2394c2c6aeb01ba31a94a9c
Instruction ID: c369c02124aaa8faee822988cd368de54ec220aaa745b50fa4e0712996745ba6
Opcode Fuzzy Hash: a11cdce67ef9e22283d21c99ff97b2f9a2ca2b7ac2394c2c6aeb01ba31a94a9c
Instruction Fuzzy Hash: 37F18471618302EFE704CF64D891B6ABBF5EB8A345F14896CF0958B2A1CB39D945CB12

Function 00B735B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 00B7360E
Inf, xrefs: 00B73607

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: be99ccedfefd53dc45bee7eb1f859f257d26f832849ca5883a9c9b0819a18a71
Instruction ID: 123e83869fc50f5237c3ab9582b6e9c8693c0b742d9c91723b3c55861f42a1fb
Opcode Fuzzy Hash: be99ccedfefd53dc45bee7eb1f859f257d26f832849ca5883a9c9b0819a18a71
Instruction Fuzzy Hash: C8D1E672A183119BC704CF28C88161EBBE1EBC8B50F15CA7DF9AD97390E675DD059B82

Function 00B8FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00B90197
Ye[g, xrefs: 00B900F6

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 1a8de60b1f17eb5b8121cbb859e82f23bc606157d8825c141fffdeda7c8c823e
Instruction ID: cf6f1859bdf3eeb361266faa081c2f362c77f58f83a272bfa22ccf8164698eef
Opcode Fuzzy Hash: 1a8de60b1f17eb5b8121cbb859e82f23bc606157d8825c141fffdeda7c8c823e
Instruction Fuzzy Hash: 2951DCB16183858FCB31EF14C881BABB7E0FF96310F09896DE49A9B651E3749840CB57

Function 00D41C08 Relevance: 1.9, Strings: 1, Instructions: 648COMMON

Download Yara Rule

Strings

qx, xrefs: 00D41CE2

Memory Dump Source

Source File: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: qx
API String ID: 0-3159372836
Opcode ID: d327add491985400f2bc2d77eac152d34c058838c541e8108f2fe3a895c0296f
Instruction ID: a7bf304a084acc852c95f5e6f394bf3876d4731ac4e156a4ee981b983680e2ca
Opcode Fuzzy Hash: d327add491985400f2bc2d77eac152d34c058838c541e8108f2fe3a895c0296f
Instruction Fuzzy Hash: C21249F360C204AFE3046E2DEC8577AB7D9EF94320F1A463DEAC5C7744E93698118696

Function 00B75160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00B754C8

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: ed197552794b4ba74bb09348d19d39565d4dea12ad76f2d07ea56688a6141a71
Instruction ID: b77e1b6765709c31334083eb8241139d88713620aecf3060193f414bb14e6fd7
Opcode Fuzzy Hash: ed197552794b4ba74bb09348d19d39565d4dea12ad76f2d07ea56688a6141a71
Instruction Fuzzy Hash: 052292B6A08B418BE7358E189980726BBE2EFE0314F19C5ADD86D4B391E7F1DC45C742

Function 00BA12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00BA15D1

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 29eb0ab744ac1ea75663300231b62cbb58c1156c78ad727371775dd7f22d84fd
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 0BF10475A0C3515FC764CE2C849066BBBE6EFC6350F18CDADE89A8B382D634DD058792

Function 00B9AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B9B2D3, 00B9B2DB

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 740b5fdcef9da68c22a6f3e8724b41e998a4fb0b844c0b387fe32c4edb9dfe05
Instruction ID: 8a29c3376edb39d036310701591203cad59c3aa62f73e049e841fcb2e631b6bc
Opcode Fuzzy Hash: 740b5fdcef9da68c22a6f3e8724b41e998a4fb0b844c0b387fe32c4edb9dfe05
Instruction Fuzzy Hash: 78E1DB71508306CBCB24DF28D89096EB7E2FF99781F54896CE4C597221E730E999CB82

Function 00B86EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B86EF3

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 1bf2cb1cb5efcf967d0098599d3aa4545a859f0f6a3d8eb08c4fd362723ee5ba
Instruction ID: fd5bb080a26690e702e629eba88968f60f0a1131e66f3633f55fced0d92a3d75
Opcode Fuzzy Hash: 1bf2cb1cb5efcf967d0098599d3aa4545a859f0f6a3d8eb08c4fd362723ee5ba
Instruction Fuzzy Hash: E2F19FB5A00A01CFC724EF24D881A26B7F6FF58315B148ABDD49B876A1EB70F855CB41

Function 00B97E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B98263, 00B9826B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a03361b7f86ab425c153fdc4b3146b5eccf3b4d8308ff762381e03a7b12eb0c2
Instruction ID: 49341840fbbcc8dfd430622f7a6b21e4ec4a3ae0c791453d7ff074cf1794f886
Opcode Fuzzy Hash: a03361b7f86ab425c153fdc4b3146b5eccf3b4d8308ff762381e03a7b12eb0c2
Instruction Fuzzy Hash: BCC1B171508310ABDB10EF14D882A2BB7F5EF96754F0888ACF8C997251E735ED15CBA2

Function 00B98D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B99233, 00B9923B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e2163fe1f56ab98b7a1f023009480d124c26cc7ded72928dea9d12b28415642a
Instruction ID: b083ef8ec22682f6fa85a16af7d13c5d18af2b145ed60105b34b1d1f049db75f
Opcode Fuzzy Hash: e2163fe1f56ab98b7a1f023009480d124c26cc7ded72928dea9d12b28415642a
Instruction Fuzzy Hash: 58D1AF70628302DFDB04EF68DC91A2AB7E5FF89315F4948BCE88687261DB35E950CB51

Function 00BB7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00BB8167

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 566a1e0ff42f4832f51db604deb1b16bcea3f7009b5559ad2c5c61417239f06a
Instruction ID: 67eb1e84b957de8b8351b4aeb1bec41871cd68514afb1595c5d04a995bbc49e9
Opcode Fuzzy Hash: 566a1e0ff42f4832f51db604deb1b16bcea3f7009b5559ad2c5c61417239f06a
Instruction Fuzzy Hash: EBD105329082658FC725CE18D8907AFB7E5EB84718F15866CE8B5AB380DBB5DC46C7C1

Function 00B9CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B9CDC3, 00B9CDCB

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: f277356414aa8b23786b40c2eff1922e0a3be09744618ed363a28b2381fb40c7
Instruction ID: 2423810f83e11de9c15e4e92346b18aea66b79513f8b2b67a644722cc58f3bed
Opcode Fuzzy Hash: f277356414aa8b23786b40c2eff1922e0a3be09744618ed363a28b2381fb40c7
Instruction Fuzzy Hash: 54B10171A083019BDB14DF18D890B3BBBE2EF96340F5449BCE5C58B252E335E855CBA2

Function 00BAFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BAFCA4, 00BAFCAD

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8e105a2531339684cd30059bf4f57c5be9343432fcee2ac5d68f61f687481dad
Instruction ID: d846ed36d0b8d50fe67ad9f39acb56483ef4a4d2382ef6a215bad6556eb669ba
Opcode Fuzzy Hash: 8e105a2531339684cd30059bf4f57c5be9343432fcee2ac5d68f61f687481dad
Instruction Fuzzy Hash: 7D81BB7050C306EBD721DFA8D884A6AB7E5FB9A701F04886CF5C497251EB71E854CB62

Function 00B8D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B8D663, 00B8D66B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 65dfa713e0fdca74706193e011c9144e46279c95ffbfcaf34e13eb617fb3cc47
Instruction ID: 07109ba4ee854ea4018df7760f96239b04b98f716c0004ed14b0694ece4b9e31
Opcode Fuzzy Hash: 65dfa713e0fdca74706193e011c9144e46279c95ffbfcaf34e13eb617fb3cc47
Instruction Fuzzy Hash: 7761B371908304DBD710AF18DC82A7AB3F1FFA5354F4845AEF989972A1E731D910C792

Function 00BB4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BB4C33, 00BB4C3B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a05cf65d8a31ab23ebd2f3bb2dca5ea6a7f934e27abbf067c0651e29a9ea3ad7
Instruction ID: ec65ee7b05d59baa1b224e2bd7f5a87e0678aa2dd5331d592237560aa404e3d5
Opcode Fuzzy Hash: a05cf65d8a31ab23ebd2f3bb2dca5ea6a7f934e27abbf067c0651e29a9ea3ad7
Instruction Fuzzy Hash: 2F61E0716083019FDB21DF15C880B7ABBE6FB84710F18899CE6C987292D7B1EC50CB52

Function 00CBBFDC Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

):u, xrefs: 00CBC1D2

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: ):u
API String ID: 0-419768275
Opcode ID: c050d1b8e19e0f0da750389c6763c7e8fb2bb0e2dca737b1249fa6a65745f740
Instruction ID: c092b50b53458f7bf388d32d51d081509d788a97fd48e431e6ebf0e7a126ef8b
Opcode Fuzzy Hash: c050d1b8e19e0f0da750389c6763c7e8fb2bb0e2dca737b1249fa6a65745f740
Instruction Fuzzy Hash: 0C5148F3E183204BE30C593CED9537A6695EB94360F2B463EED8AD7384E9695C0482C6

Function 00B7E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00B7E333

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 90cb446f7ff846b866e9d3da89a7c748c114c8d3e6047c42e5caedeba272bc6e
Instruction ID: a58adb5912e69ec43608b1a47ae886d6b43458f00f3c22c6b9a00d2c23437c9a
Opcode Fuzzy Hash: 90cb446f7ff846b866e9d3da89a7c748c114c8d3e6047c42e5caedeba272bc6e
Instruction Fuzzy Hash: 0D512823A196904BD325893D4C953697AC70FAA334B3EC7E9E9F99B3E1D555C8008390

Function 00BB3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BB39E3, 00BB39EB

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c20f74b6c28402623fc42a098f95beaa3a3605c4b4ac0a5499eb1c31594a32a0
Instruction ID: 01c0d13d608019f53c993c144cf0ae598b6e2ce78f4f68a0168cbd4e040a9262
Opcode Fuzzy Hash: c20f74b6c28402623fc42a098f95beaa3a3605c4b4ac0a5499eb1c31594a32a0
Instruction Fuzzy Hash: 3251B234609200DBCB24DF15D880A7EB7E5FF89B44F28889CE4C697251D7B2ED50CB62

Function 00CA5F21 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

-}, xrefs: 00CA5FAD

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: -}
API String ID: 0-1227557316
Opcode ID: 7c48499da30fe33a26dc1ae7082ae128c5ccfa3feafcfd0f871583d1c051d090
Instruction ID: 70d3abf93c7c0b63587f50e1ade09d45828b1351ca257b4f0ba9e97c06983400
Opcode Fuzzy Hash: 7c48499da30fe33a26dc1ae7082ae128c5ccfa3feafcfd0f871583d1c051d090
Instruction Fuzzy Hash: 154127F3A182009FF3096D69EC8973677C9DBD4320F29863DEB94C33C4E97998054256

Function 00D04D99 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

"6<, xrefs: 00D04DAA

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: "6<
API String ID: 0-2143718381
Opcode ID: 48c1f53281e1175e6219fdee992cac012a63052bc10fb3942b196b8841f28eef
Instruction ID: 670a73fbc2bb7747055061670ca47af7e68269a8142e933327a363f77da55c64
Opcode Fuzzy Hash: 48c1f53281e1175e6219fdee992cac012a63052bc10fb3942b196b8841f28eef
Instruction Fuzzy Hash: 904116F3A087085BE3486E2DDC09376B7D6EBD4720F1A863DDA8893784E93919158686

Function 00CF71DB Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

)Qc, xrefs: 00CF72F0

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: )Qc
API String ID: 0-3295267371
Opcode ID: b57a66570a9b62379b3575c5b7d92512fc1f5ee0cc5cb3b4e18b5a194affa651
Instruction ID: 1217469343416001eaa802c42cb3bd6ff5f9f03bc25e729b7cd9e5bc73ecf047
Opcode Fuzzy Hash: b57a66570a9b62379b3575c5b7d92512fc1f5ee0cc5cb3b4e18b5a194affa651
Instruction Fuzzy Hash: 4C4137F3B182105BE3046A1EDC9573FB7DADBC8320F2A863E9AD4C7784E93488054296

Function 00B81BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00B81C3E

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: ef788890441cab79ad11d0b2415776a73058e66766c7759f3f49a9bbb9a28dc7
Instruction ID: 091a96b85c9467702c777c4e35642756fe4cced774b73e5ae1442ec9c781b0f2
Opcode Fuzzy Hash: ef788890441cab79ad11d0b2415776a73058e66766c7759f3f49a9bbb9a28dc7
Instruction Fuzzy Hash: 8E4141B40093809BC714AF28D894A2BBBF4FF8A314F048D1CF5C59B2A1D736CA16CB56

Function 00BAFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BB0033, 00BB003B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5acba175257de9908ea99dea09479dc2e3d107046da7cf50f23adbfbab61e1f9
Instruction ID: feb63687a0f6a5a05e5988fb5f4ddf106ceea673b8a9043f929086f6a128d6a7
Opcode Fuzzy Hash: 5acba175257de9908ea99dea09479dc2e3d107046da7cf50f23adbfbab61e1f9
Instruction Fuzzy Hash: 533114B1918309AFD610FA14DC81F7BB7E9EB85744F9448A8F88497252E271EC10C7A3

Function 00B9E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00B9E6A2

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: ad6c95ecf2944a82d619cd3e461f9ab406aebe694f40837421361260ecfad209
Instruction ID: be3a075f16cfe962aeb4d01ddd79fa6f0e20f7cb6b6d2c10f64bfcb0dbbb2f3f
Opcode Fuzzy Hash: ad6c95ecf2944a82d619cd3e461f9ab406aebe694f40837421361260ecfad209
Instruction Fuzzy Hash: 0D31C575904204CFCB20DF99D88096FBBF4FB0A745F1448ACD45AA7202D735ED05CBA2

Function 00B86F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B8703B

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 045ddf0a432c07961c2965231c5a817a511b87d172138b67d2614d6b5a57ffa9
Instruction ID: a092d95b72bcb8867b41ccd1082e9657461430ee03b7df3e57d2ea206dafa141
Opcode Fuzzy Hash: 045ddf0a432c07961c2965231c5a817a511b87d172138b67d2614d6b5a57ffa9
Instruction Fuzzy Hash: C5415771204B04DBD7359F61C994F26BBF2FB09705F24899CE58A9BAA1EB71F840CB10

Function 00B9E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00B9E6A2

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: cacbb8fccf3f5192518c5a554ec0720cb50247cf64bbba384055d3d400152477
Instruction ID: f71f217651e71ff624592246ba54b0efc2e93018b40e0bb0bb3289bcb02887f5
Opcode Fuzzy Hash: cacbb8fccf3f5192518c5a554ec0720cb50247cf64bbba384055d3d400152477
Instruction Fuzzy Hash: 73219FB5904204CFCB20DF99D98096FBBF5FB1A745F2448ACE456AB242C735ED01CBA2

Function 00BB9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00BB9D30

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: fbcf1898553b27d0afa45f712ce2b653e0100cc6f011e1e8dcec88798fb512ff
Instruction ID: 270b9b1b79875a8f412f83c44f72b3074a64f53e67abbed318d60849c270f77b
Opcode Fuzzy Hash: fbcf1898553b27d0afa45f712ce2b653e0100cc6f011e1e8dcec88798fb512ff
Instruction Fuzzy Hash: 1A3178709083009BD720DF15D880A6BFBF9EF9A314F14896CE6C897251D3B5E944CBA6

Function 00B84E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dd76e429122f67278d8c4d8bf2d0a9f12d73c6291d654019a1248d320f05b71
Instruction ID: 8bc80f62d6833873dcee7ce4bb02bb8024d94350fea3b06b5f28e3523bc5ea2e
Opcode Fuzzy Hash: 4dd76e429122f67278d8c4d8bf2d0a9f12d73c6291d654019a1248d320f05b71
Instruction Fuzzy Hash: 2F6247B4500B008FD735EF24D990B26BBF6EF59700F5489ACD49A8BA62E774F844CB94

Function 00B7BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: d5be2eb4576c783baef3dae005c03129931946492dfca5374b9439d19fd0b10f
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 13522A319087118BC725DF18D8802BAF7E1FFD4319F29CA6DD9EA97281D734A851CB86

Function 00BB8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eb8c9c9ab7628c615e07f4d4e4f5d8e26cbb3ab1a1b0350b02c383de042928d
Instruction ID: 02f5dc8e4df552b7f591f1a878f28f1ffcbc9273d3d37c05171be76edcfe9e9c
Opcode Fuzzy Hash: 6eb8c9c9ab7628c615e07f4d4e4f5d8e26cbb3ab1a1b0350b02c383de042928d
Instruction Fuzzy Hash: 3E22BA35608340DFC704DF68E8A0A6ABBF1FB8A315F0988ADE5C987351DB75DA50CB42

Function 00BB86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3eda2b49af8961f0a68563744a621b5bff2ec69551b9ab2cb6ab6feb317623
Instruction ID: 0ca0e2e7b3068792aeb373022f3f00ce36ae659e4716546ed41517c96397adb3
Opcode Fuzzy Hash: 9e3eda2b49af8961f0a68563744a621b5bff2ec69551b9ab2cb6ab6feb317623
Instruction Fuzzy Hash: D522AA35618340DFD704DF68E8A0A2ABBF5FB8A305F09896DE5C987351DB35D950CB42

Function 00B7B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976bf6598cbce8e10e03b580276cb716735e8b6637547ec49e2524ae3a28e5f5
Instruction ID: e85937609d75c7d1905bb978c21707767db0da70d9b5988a0c550d380407fab9
Opcode Fuzzy Hash: 976bf6598cbce8e10e03b580276cb716735e8b6637547ec49e2524ae3a28e5f5
Instruction Fuzzy Hash: AC529370908B848FE735CB24C494BA7BBE1EB91314F14CDADC5FA06B82C779A985CB51

Function 00B771F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ee4cc5b33905c99a4e7c4bb465c06f5344862b88bcdea0a9eebb38b8c3636e
Instruction ID: 37545b99b3c3b4b3d03502ddb904262773ddfad6ae5f6b34c4dc2d434e4da6ef
Opcode Fuzzy Hash: 44ee4cc5b33905c99a4e7c4bb465c06f5344862b88bcdea0a9eebb38b8c3636e
Instruction Fuzzy Hash: DC528D3150C3458BCB15CF29C0906AABBE1FF89314F19CAADE8AD5B352DB74D949CB81

Function 00B78FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452ab03208e837c2786e67498d19085541aca0ad9332686cea0adea48b0460dd
Instruction ID: f205f677dfebc1d8f15f48ebaf42c58df3eedab7680211ea7d39d5705b67ec91
Opcode Fuzzy Hash: 452ab03208e837c2786e67498d19085541aca0ad9332686cea0adea48b0460dd
Instruction Fuzzy Hash: BD425575608301DFD718CF28D85079ABBE1BF88315F09896CE4A98B3A1DB79D945CB42

Function 00B77BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ef9a6fb2567d0f53da9cf7eae00e8fd22a5521863fea11b2059f3aa8a1994f
Instruction ID: fb1012a8662214b1073878e6078d67b5faf493cdf4b37da9d404ab2f8bb51c81
Opcode Fuzzy Hash: 91ef9a6fb2567d0f53da9cf7eae00e8fd22a5521863fea11b2059f3aa8a1994f
Instruction Fuzzy Hash: A3320470554B118FC378CE29C59452ABBF1FF45710BA08A6ED6AB8BF90DB36B845CB10

Function 00BB89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e7f96eb5b1164914f9dc6cb4ff3e264c564b001cc43a969b0048824bc8e10c
Instruction ID: 1406d273140d33faed3a2e4221c94ba39772257d31862c02d1ce403c4917f3b6
Opcode Fuzzy Hash: 77e7f96eb5b1164914f9dc6cb4ff3e264c564b001cc43a969b0048824bc8e10c
Instruction Fuzzy Hash: 9102AA35608280DFC704DF68E890A2AFBF5EF8A305F0989ADE5C587361C776D914CB92

Function 00BB8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9888fcf89f1c3dd82dc745546d7626fe2684629a5e51c5a7bf9a64599e0302e0
Instruction ID: 05de90520ae79d0a4598a1bb4a6101ae23388d5ea246bfcb72476192fd3dc4c7
Opcode Fuzzy Hash: 9888fcf89f1c3dd82dc745546d7626fe2684629a5e51c5a7bf9a64599e0302e0
Instruction Fuzzy Hash: F5F1993560C380DFC704EF28E890A6AFBF5EB8A305F09896DE5C587251D776D910CB92

Function 00BB8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0a8e99b8b5da3912f7569600a3f1a400fb157397f8cb36df45abd86f88c0ae
Instruction ID: 6f3e1a5745338e4b6dbbe1c20bd031ec202a4a70d9c4e4504138ad1834695ff8
Opcode Fuzzy Hash: 4f0a8e99b8b5da3912f7569600a3f1a400fb157397f8cb36df45abd86f88c0ae
Instruction Fuzzy Hash: 85E1BD31618340CFC704DF28E891A6AFBF5EB8A315F09896CE5D987351D776E910CB92

Function 00B7A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: fd7e0645689e16b3b13ad00896e71f50fd65c6ac0a86fee7ce07419f82520571
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: A1F1AC766087418FC724CF29C88166BFBE6EFD8300F08886DE4D987751E639E945CB56

Function 00BB8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12afa6fd642cf822ae412f02e17517ba12e10c7a8933cbadddd12b48fedfd76b
Instruction ID: 5098bde5d051da6867ffe7add81352030f94a2c15ec121616513777d397b4e94
Opcode Fuzzy Hash: 12afa6fd642cf822ae412f02e17517ba12e10c7a8933cbadddd12b48fedfd76b
Instruction Fuzzy Hash: 8FD1AA3461C280DFD704EF28D890A2EFBF5EB8A305F4989ADE5C587251D776D910CB92

Function 00B84487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68472851d8ef51c0348b696bb13872bb9b6158b7ad03e4d5adbb15cdd0a0f888
Instruction ID: f7794566a84b50aee4598c5d62ae1ad79800241835b60a5f5575baf117d4d13b
Opcode Fuzzy Hash: 68472851d8ef51c0348b696bb13872bb9b6158b7ad03e4d5adbb15cdd0a0f888
Instruction Fuzzy Hash: BEE100B5601B018FD325DF28D992B97BBE1FF06705F04886CE4AA87762EB71B814CB14

Function 00BB6CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87ca76c20072c8abcd41a10aa56733e702993831329de6939a751e3caec38966
Instruction ID: b3d0a989bf8cd47754ee9f59c9590ac023b4e9c45a41f25fa2df8824b6373541
Opcode Fuzzy Hash: 87ca76c20072c8abcd41a10aa56733e702993831329de6939a751e3caec38966
Instruction Fuzzy Hash: 03D1DF36618355CFC724CF28D8C096AB7E1EB8D314F498AADE495C7391DB34EA84CB91

Function 00BB7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ff46e3f32be93905f10c23a714c5cdb58055b50012c4d83c2e3129377a91dae
Instruction ID: ce8ce1167764846fd2acec9e079d13db203240986f4dc00377b0cc1108f16ba2
Opcode Fuzzy Hash: 5ff46e3f32be93905f10c23a714c5cdb58055b50012c4d83c2e3129377a91dae
Instruction Fuzzy Hash: 3CB1E372A483504BE724DA28CC417BBBBE9EFC4314F0849BDE99997381EA75DC048792

Function 00B7AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: 5978f0b80b4fe6d7ef6399e2803a8c38b8682f5d1357f1ced619bfa0476e8f36
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 01C17DB2A187418FC360CF28DC96BABB7E1FF85318F08896DD1D9C6242E778A155CB45

Function 00B86536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a77db9ff0c697ba6b34e7ce550e4810c7c8e4fcfb4e5c83e1651989467bbafe
Instruction ID: 8af8062029ce0ea0310c8e9a520a4642866b0bfe1b88494776c539adcdb6a08b
Opcode Fuzzy Hash: 4a77db9ff0c697ba6b34e7ce550e4810c7c8e4fcfb4e5c83e1651989467bbafe
Instruction Fuzzy Hash: 72B111B4500B408BC3259F24D981B67BBF1EF56704F14889DE8AA8BB62E775F805CB64

Function 00BB7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 55f151d2bce102646918e55f5c303bf5aa53af3a5fd69bf186c0ac999386ca66
Instruction ID: d87e685d24f99c12105bdc95ae3e70f55af104694a1ad0d8d00ba12edc9e3288
Opcode Fuzzy Hash: 55f151d2bce102646918e55f5c303bf5aa53af3a5fd69bf186c0ac999386ca66
Instruction Fuzzy Hash: 03917A7164C301ABE720DE15DC80BBBB7E5EBC9350F548898F58597351EB70E940CBA2

Function 00BBA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9aae847e2a2c8993505d5955198dbf501fb04aed6f994b206d9c10baca780e2
Instruction ID: d460167d441371a475779589a3161d0bf28499e1568a030f0867401c3bbb20b3
Opcode Fuzzy Hash: d9aae847e2a2c8993505d5955198dbf501fb04aed6f994b206d9c10baca780e2
Instruction Fuzzy Hash: AE81AB34A087019FD724DF28C890A7EB7F5EF89740F4589ACE5869B251E771EC50CB92

Function 00BA64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32afd713ac102d0af398771a3211beeee1f103e1c3820616f861cec62a7acaa1
Instruction ID: a5d57f8ae4a0701a8e9a9dd3d0681681a8969d989396cfa5a14572d9cbff7663
Opcode Fuzzy Hash: 32afd713ac102d0af398771a3211beeee1f103e1c3820616f861cec62a7acaa1
Instruction Fuzzy Hash: 7A71C673B2DA904BC3149D7C4C823A5AA835BE7334B3DC3B9A9B4CB3E5D9698C064350

Function 00B928E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317599b2310f9dafa804263a7fe5841fac7c2959bc1eb603e678e6ea788fb163
Instruction ID: 81f9ea4af4c2cc4bd82e1998420502d7bde918c5998bd4b40d683857c1cf50ad
Opcode Fuzzy Hash: 317599b2310f9dafa804263a7fe5841fac7c2959bc1eb603e678e6ea788fb163
Instruction Fuzzy Hash: 416178B48183509BDB10AF54D881A2ABBF0FFA6754F0489ACE4C59B261E339D910CB67

Function 00B97C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2703dde4d0249f86e82217de05a78073c43920e267f84e13156e86ecabcfe594
Instruction ID: d1e23399c91f9c1d203ca25524d440efc5c1f3272072005bb302c671d2390d37
Opcode Fuzzy Hash: 2703dde4d0249f86e82217de05a78073c43920e267f84e13156e86ecabcfe594
Instruction Fuzzy Hash: 1751BEB16A8204ABDF209B24CC82BB737F4EF85354F1489A8F9858B291FB75D901C761

Function 00C01F27 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99e21a191a9fb593b8ee58d0084beaa788a546cccb43c82704df8a4f155ac8ad
Instruction ID: 62b70e0945fd02cd807479a6d0403e825cf612166cb1a844efd43a537696d098
Opcode Fuzzy Hash: 99e21a191a9fb593b8ee58d0084beaa788a546cccb43c82704df8a4f155ac8ad
Instruction Fuzzy Hash: 54617AF3E186101BF3044928DC9537AB7DAEBD4320F2F863DDA8997784D9796D0682C5

Function 00BA1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: d10a011d118e123c174f82e3a0add42201637b20ec48c9836ec103b39871570a
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: C361BD3160D311ABD794CE2CC58032FBBE6EBC6350F64CDAEE4A98B251D274DD869741

Function 00BA82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85c9e3b31fab92d7d8a7beb75ba60f2f33dbab5587c2c47d7a0fb30c9303e47a
Instruction ID: a5a2832afc4694d4ff1927ac5b04ea5e81b33d85005e1efe6aa37aa06f0a5b04
Opcode Fuzzy Hash: 85c9e3b31fab92d7d8a7beb75ba60f2f33dbab5587c2c47d7a0fb30c9303e47a
Instruction Fuzzy Hash: E3613623A1E9904BC315853D5C963A6AAC35BE7730F3EC3E6A8B18B7E4DDA988014341

Function 00C1F451 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a673b66c4adca5dc68fbcf4068f5ccf3eb0f845dd727f380ab1c1615e205f8f
Instruction ID: 96ea374bd142a96a71ddd58d14117b620c670238a47b0dd9bda8b96e45fdf0a7
Opcode Fuzzy Hash: 8a673b66c4adca5dc68fbcf4068f5ccf3eb0f845dd727f380ab1c1615e205f8f
Instruction Fuzzy Hash: C15169F3E082205BE3085A3DED5572ABBD9DBD4720F1B853EEA89E3784E9754C0542D2

Function 00B842FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46b61d169e00c7cafddca77202cef509a2587f999e30e3171abe6f71187290da
Instruction ID: b095a63adc797f2943ba6a2684089f2caaf13a987b5a7c04b68479b97a19ce29
Opcode Fuzzy Hash: 46b61d169e00c7cafddca77202cef509a2587f999e30e3171abe6f71187290da
Instruction Fuzzy Hash: F681EFB4810B00AFD360EF39D947757BEF4AB06601F404A5DE4EE97694E730A459CBE2

Function 00BAE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: faae515d5236d39986cdbaa7ddca3d880f44b24f2cfd4c004fb9753cbca248bd
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: F9514BB16087548FE314DF69D49435BBBE1BB85318F044E2DE4E987350E379DA088F92

Function 00BF3AC1 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2efec97747b2a12d8ff48af1db27170816f5134cecf2649f4300d464d7e5729
Instruction ID: 1d4ec67858b3c9e634d2724669dfe946a2cf5198f50802be2fe6e7231f1ef776
Opcode Fuzzy Hash: e2efec97747b2a12d8ff48af1db27170816f5134cecf2649f4300d464d7e5729
Instruction Fuzzy Hash: 88517BF3A083185BE3146D7DDC94737B7D6EB94320F2A823DE784D7788E97958018282

Function 00BB7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc8da0b8dcf4e8eed81c3b88a633b5f9faba5ea63817fca498ddb125305218f
Instruction ID: 71ea98729dab79f71f5256ebc3ca3dc65f3b70e626fb01f48c451fd97b119c66
Opcode Fuzzy Hash: 4bc8da0b8dcf4e8eed81c3b88a633b5f9faba5ea63817fca498ddb125305218f
Instruction Fuzzy Hash: A551E43164C2009FC7259E19DC90B7EB7E6EBC9354F288A6CE8D657391DA71AC10C791

Function 00E38735 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88860271966122b93fd1f20eedbaf80671ed00016d4107b6537e70c483e21fc
Instruction ID: 6fedec39936dca6dc0c0f0d1d0cdaf480772190f4a6612ee7eab7504734bf189
Opcode Fuzzy Hash: c88860271966122b93fd1f20eedbaf80671ed00016d4107b6537e70c483e21fc
Instruction Fuzzy Hash: 785184B250C304DFD3047E28DA496BABBE9EB41751F61582EF6C6E7200EE315850D797

Function 00B75A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd7acebee81cfa8dca8045e955af748b74c5cb44d5d42983f07da594985c9ca
Instruction ID: 7206e85b22e5089a9dac08843632f945501a853316507a58c24914598b8c91c5
Opcode Fuzzy Hash: fdd7acebee81cfa8dca8045e955af748b74c5cb44d5d42983f07da594985c9ca
Instruction Fuzzy Hash: 9251A4759087049FC724DF24C890926B7E1FF85324F1986ACF8AD9B352DA71EC41CB92

Function 00B9EC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 643c902755ee726754cb2cb3e93631c859cdaadba0dec9f411229e29fd2dd11b
Instruction ID: cb2dc947df0b367ac7fc497fcb50b88590518118870928ddb91a09baf0e1ac5a
Opcode Fuzzy Hash: 643c902755ee726754cb2cb3e93631c859cdaadba0dec9f411229e29fd2dd11b
Instruction Fuzzy Hash: 57417D74900315DBDF20CF58DC91BADB7B0FF0A340F1445A8E995AB2A1EB78A951CB91

Function 00CC684E Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cb279e4fb9f7cf60296a4006a377c2f3b9acbeeb698e195217c4381e6330c0
Instruction ID: 11ae4b763952c031ddb90ec8c89f1f8219a2d9f8518714da5ad2ec54c4cc2d52
Opcode Fuzzy Hash: f8cb279e4fb9f7cf60296a4006a377c2f3b9acbeeb698e195217c4381e6330c0
Instruction Fuzzy Hash: 46415BF3F483145BF308697DEC98736778AD7C4720F2A823DEA4597788EC7919068195

Function 00BB9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b001430e5627b676546b418b662941c353cd4947ea52947c98abde90841897
Instruction ID: 95326f4c386c2bac8283e3aa1bd1e1154997c26f8707b0b41eb5512de480a76c
Opcode Fuzzy Hash: d4b001430e5627b676546b418b662941c353cd4947ea52947c98abde90841897
Instruction Fuzzy Hash: 0241B134608304ABDB20DF15D990B7FBBE6EB85710F1488ACF68997251D3B5EC40CBA2

Function 00B82030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a867b6706cf9c4e879cb07d4c7f3d481c58eb6fdb0196e4a059e6217d5e3f25a
Instruction ID: aa73c1e030c6d794f856bf3b995b56a8dc82a8e42349e510d091c6e6e054c707
Opcode Fuzzy Hash: a867b6706cf9c4e879cb07d4c7f3d481c58eb6fdb0196e4a059e6217d5e3f25a
Instruction Fuzzy Hash: 2141E772A083654FD35CDF29C49423ABBE2AFC5300F19866EE4D6873E4DAB48945DB81

Function 00B81E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71f67b106cb13c5341d7980bc88c17322e8ac82d35226b38827ad7160bef97a
Instruction ID: eb42d9b6708e4e261990c2d41ca55697455b2ac81bdf1e26ebfb0fc5c7372a57
Opcode Fuzzy Hash: c71f67b106cb13c5341d7980bc88c17322e8ac82d35226b38827ad7160bef97a
Instruction Fuzzy Hash: 2341EE745093809BD320AB58C884B2EFBF5FB8A345F144D5CF6C4972A2C376E815CB66

Function 00BB8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58cf849cab68d6924e5473faefc69b8976e766f659a57e989de2faab4c561677
Instruction ID: 90d63ecc087df934b262e5c63c9e76f13caae9332446fbb48493e188ad90731e
Opcode Fuzzy Hash: 58cf849cab68d6924e5473faefc69b8976e766f659a57e989de2faab4c561677
Instruction Fuzzy Hash: 2341A0316082548FC714DF68C49057EFBEAEF99300F198A6ED4D5972A1DBB5DD01CB82

Function 00B8D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20996dfe0eca0d5f1cb884cac1ed76835d0d8ebf3919d00211114f25ec301732
Instruction ID: 3220a1f8f09b6e0e0986158b1293b05e6fb9c43ac5e505137a3260a659498c82
Opcode Fuzzy Hash: 20996dfe0eca0d5f1cb884cac1ed76835d0d8ebf3919d00211114f25ec301732
Instruction Fuzzy Hash: E84179B16083818BD734AF14C881BABB7F0FF96365F044999E59A8B7A1E7744940CB53

Function 00C7AA81 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c825973bbb8331bf234dd380e8556ecbed2f5d0ec89de64c1263fc9a0c0246
Instruction ID: deb69ceefebaf4d19ebde679d44d3e6517634990fa6315cbd13e6743f8a3406f
Opcode Fuzzy Hash: 69c825973bbb8331bf234dd380e8556ecbed2f5d0ec89de64c1263fc9a0c0246
Instruction Fuzzy Hash: 4A310AB3A1C6084FD3096E3CEC55776B7DADB84320F168A3EE586D37C4ED7568048686

Function 00BAF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: be80ab6c8823dee72b16d6a70ab0e67526954f61377776643f5175b1ef660a68
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 1F21253290C2255BC3249F99C48157AF7E4EB9A704F06866ED8C4A7295E3359C1087E1

Function 00BB67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba433d6e32e3e4a1e58bc13c6aadca94f942e4d704a4f75f9779a445fc0f563b
Instruction ID: ba6e0115d477894a0a7fe958c532259e5d3fb57b39c42616af05204c6b75cc37
Opcode Fuzzy Hash: ba433d6e32e3e4a1e58bc13c6aadca94f942e4d704a4f75f9779a445fc0f563b
Instruction Fuzzy Hash: 5A3134705183829BE714CF14C490A6FBBF0EF96784F50584DF4C8AB261D778D985CB9A

Function 00B95E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb2a7ecb04b88a43cb9138835db0f4b466a38afaf9b0e92e3b6eecc589f1796
Instruction ID: 7918fa4ccffec2da79c96c8584c133bf6f0c34b8807bbdc58ea278f3a9df84c1
Opcode Fuzzy Hash: ecb2a7ecb04b88a43cb9138835db0f4b466a38afaf9b0e92e3b6eecc589f1796
Instruction Fuzzy Hash: F021E271408600CBC721AF28C851A6BBBF4EF92764F44896CF4D98B292E335CD00CBA3

Function 00B749A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 321b474e8b82edfe5b395e6ae2488d7a9ac845891f20a90c8328f04654745ffb
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 7931A2316482009FD7149E58D880A2BB7E1EFC435AF18C9BDE9AE9B251E331DD52CB46

Function 00BB64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bee04db1f6c05a868ce9de570f58412f2c3007e52fcdf7b67758d3e229e080db
Instruction ID: ee7aeaa99f4934581c15ce0b7f032a1c1ebde6c0b12cb5a6d0264795453bff4f
Opcode Fuzzy Hash: bee04db1f6c05a868ce9de570f58412f2c3007e52fcdf7b67758d3e229e080db
Instruction Fuzzy Hash: 0C2123706082409BC718EF19D880A2EBBE6FB99745F28885CE4C593361C779AC91CB62

Function 00BB5700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 748cd330220bb26d814dbf0f1b56b30a772335ad5c4e1abd79c77f53048cf2ba
Instruction ID: a1c733e0080573720d541646d6896e5f34828a1467d5b586ae2d1e30506f16ac
Opcode Fuzzy Hash: 748cd330220bb26d814dbf0f1b56b30a772335ad5c4e1abd79c77f53048cf2ba
Instruction Fuzzy Hash: 28119E75A1C240EBC311AF28E840A6FBBF9EF8AB10F158868E4C49B211D735D811CB93

Function 00BAB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 4b7d4ba30caa235a7f2bac0dd9b07a22135694120aa94c292feb9b00648e43a8
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 2611E533A091D80EC7168D3C8440969FFE35AA3234B5983D9F4B89B2D3D7228D8A9364

Function 00BA0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: ddcb5551e8c6a979af9e272af5806cade63947c632afc666e6209b5bbeb0fff6
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 8601B5F1A1830147E720BE6095D0B3BB2E8AF56718F4845BCD41A47201DB75EC04C2A1

Function 00B9D1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 746c86143ef81d53e7c3e047aa1364048efaefd220646881f9f87d6be0c2c7a9
Instruction ID: e59b5f5919b2744735acaa789f2c49aab6a96a3b47b7f6a8ba48c9fccc24bd1b
Opcode Fuzzy Hash: 746c86143ef81d53e7c3e047aa1364048efaefd220646881f9f87d6be0c2c7a9
Instruction Fuzzy Hash: A2111CB0408380AFD310AF61C484A2FFBE0EBA6714F148C5DF2A49B251C379E809CF06

Function 00B76EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf18f8bb2e6aa6f43c5cb7aafb321fb6767b3babf28ec19281cf5ee07a84c27
Instruction ID: a4815a7e2d479380bf0f985ef2b0839472b93bb32c1c857b15496bfef14d5d91
Opcode Fuzzy Hash: 4bf18f8bb2e6aa6f43c5cb7aafb321fb6767b3babf28ec19281cf5ee07a84c27
Instruction Fuzzy Hash: 18F0593EB1860A0FA210CDAAE8C0C3BF3D6D7C9354B049538EE54C3201DDB2E80281D0

Function 00BAB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00B8C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00B8B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 1825aa5028e79e75ed4a3c393a922e8f907868b29dfb57ee14bc3cdbfd55d464
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: CEF0ECB160451057DF229AA49CC1F3BBBDCCB8B354F1D04A6E84557313D2619845C3E5

Function 00BA8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 090b650651653127e54a7717435fc457c46a9d93c31857348731df46af9ab7b1
Instruction ID: fa899732315658b8a8fd0f71c0b673793188cc25ab7e7f3d47024c36c2564602
Opcode Fuzzy Hash: 090b650651653127e54a7717435fc457c46a9d93c31857348731df46af9ab7b1
Instruction Fuzzy Hash: A501E4B0410B009FC360EF29C445797BFE8EB08714F104A1DE8AECB680D774A5448B82

Function 00BB1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: f66c8ff7030c82796048755132068e4081599779d0b45092f76d2bb30677ab18
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 66D05E21608321479B648E1DA4109B7F7E0EA87B11B89999EF586E3248D230DC41C6A9

Function 00B81ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37725a0953dd2906d016c0df0ae8efb1044942be3d59b7a2b4733b5fe01e12be
Instruction ID: 1d0b3ebeb72d2b52d6628cd6ff1a97899da29ee25d1996b53ab593f8fd7cd2fa
Opcode Fuzzy Hash: 37725a0953dd2906d016c0df0ae8efb1044942be3d59b7a2b4733b5fe01e12be
Instruction Fuzzy Hash: E8C01234A190028B82089F04FCA5832A2B8A30A209710643ADA02E3321CEA0C4028A09

Function 00BB6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9428a3d98ab6d261c0259937e1363372be1267e260152ab80d2bde59e204f6bc
Instruction ID: 525a8320ae22c9c1b816e27a8e059fe06aa1d142110d95c7d709c49b88d5783e
Opcode Fuzzy Hash: 9428a3d98ab6d261c0259937e1363372be1267e260152ab80d2bde59e204f6bc
Instruction Fuzzy Hash: 20C09B3465C04087D18CCF08D951D75F3F69B9FF14764F05DC80623295C534D912951D

Function 00B81A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ded7b425a8a70969b5b4ace4db0ea1e10697f4b3d997a3892aa4dd0656e302
Instruction ID: 7bf0d884c970caa4e9461a3e33ab9bbc5619e0889665bdb20c29157ed09742d9
Opcode Fuzzy Hash: 30ded7b425a8a70969b5b4ace4db0ea1e10697f4b3d997a3892aa4dd0656e302
Instruction Fuzzy Hash: 68C04C24A590418B82489E89ECE1432A2EC5306208710353A9612F7361C9A0D4058609

Function 00BB5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B70000, based on PE: true

Associated: 00000000.00000002.1724875341.0000000000B70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724925776.0000000000BD0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1724942059.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725048853.0000000000D3A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725063782.0000000000D3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725112491.0000000000D65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725126164.0000000000D68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725140631.0000000000D71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725154231.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725167732.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725182223.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725198366.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725212437.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725230813.0000000000D8D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725244320.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725257512.0000000000D90000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725270960.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725285039.0000000000D98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725298710.0000000000D9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725312496.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725344525.0000000000DBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725356986.0000000000DBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725369864.0000000000DC4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725384417.0000000000DC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725399125.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725412666.0000000000DD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725427458.0000000000DD4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725441494.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725455966.0000000000DE2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725469256.0000000000DE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725482540.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725496562.0000000000DEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725511935.0000000000DF2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725525839.0000000000DF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725538985.0000000000DF8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725553095.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725567657.0000000000E04000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725580877.0000000000E06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725597709.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725610742.0000000000E44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725660990.0000000000E5B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725676661.0000000000E5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725689224.0000000000E5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725702031.0000000000E60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725716845.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725730391.0000000000E7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725760296.0000000000E8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1725772938.0000000000E8B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c7b20aca69647345497241093fe5f054cde06804c3d4d0d5e4c143289289251
Instruction ID: 91de2cde7dfc3de3556a53164ba940db62fdbbec66ae51cff1ae1de6ccc0ede2
Opcode Fuzzy Hash: 5c7b20aca69647345497241093fe5f054cde06804c3d4d0d5e4c143289289251
Instruction Fuzzy Hash: 9EC09224B680008BE28CCF18DD51D35F2FA9B8FE18B54F02DC806A3256D934E912860C

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00BB50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00B7FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00B7D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00BB5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00BB695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00B8049B Relevance: .3, Instructions: 264
COMMON

Function 00B80228 Relevance: .2, Instructions: 218
COMMON

Function 00BB3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00BB3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON