Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538479
MD5:	dc43c9288aea0674eedfbe45f76ce6cc
SHA1:	10bfb95432e5f7ae66ef733ff82f9754dbfdd058
SHA256:	96681940b7062345ddf56e494ee4f177098d5789c38eba3f6d751389a029d25a
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 4876 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DC43C9288AEA0674EEDFBE45F76CE6CC)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["eaglepawnoy.store", "spirittunek.store", "licendfilteo.site", "mobbipenju.store", "clearancek.site", "studennotediw.store", "bathdoomgaz.store", "dissapoiznw.store"], "Build id": "BYc--0"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.179095+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.6	56684	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.115957+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.6	61633	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.153895+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.6	62675	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.141421+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.6	53030	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.203784+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.6	55726	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.129063+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.6	52867	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.192144+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.6	54440	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:09.166262+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.6	53312	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T11:37:10.811890+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49711	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.4876.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.store", "spirittunek.store", "licendfilteo.site", "mobbipenju.store", "clearancek.site", "studennotediw.store", "bathdoomgaz.store", "dissapoiznw.store"], "Build id": "BYc--0"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BC50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B8D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B8D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BC63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BC5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BC99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00BC695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00B8FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00B90EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BC6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00BBF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B96F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00B81000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BC4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00BAD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B942FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00BA2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00BA2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00B8A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BC64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00B9B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00BAE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00BAC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B9D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00BC1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00B88590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B96536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00BC7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BA9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00BAE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BBB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00BAD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00BC67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00BC7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00BA28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00B849A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00BC3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00B9D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B91ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B91A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00B85A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BC4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BB0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B91BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B93BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00B9DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00B9DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BC9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00BAAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00BAAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BC9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00BC9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00BACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00BACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00BBFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00BA7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00BAEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BC8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00BADD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00BAFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00B96EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00B8BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00B86EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B91E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00B94E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BA5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BA7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00BAAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B96F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00B9FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00B88FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BC5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00BC7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BC7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BBFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00BA9F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:61633 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:54440 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:53030 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:53312 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:62675 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:56684 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:52867 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:55726 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49711 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: dissapoiznw.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.2214944045.000000000059B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195659404.000000000059B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://h equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: YContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd883ccb3237fa39d2837163d0f38217b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=b2ccaf742db2c221676d7547; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25258Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 21 Oct 2024 09:37:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlAF equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: elp.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/apipg
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site/api7
Source: file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/api
Source: file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apii
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/api
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.c
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000002.2214899190.0000000000565000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/(
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2214899190.0000000000565000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.2214770282.0000000000545000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900&&
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd883ccb3237fa39
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B90228	0_2_00B90228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCA0D0	0_2_00BCA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92030	0_2_00B92030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B81000	0_2_00B81000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC4040	0_2_00BC4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A	0_2_00D4D02A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E1A0	0_2_00B8E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B871F0	0_2_00B871F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4811A	0_2_00D4811A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B85160	0_2_00B85160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B812F7	0_2_00B812F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB82D0	0_2_00BB82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB12D0	0_2_00BB12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D572AB	0_2_00D572AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B3A0	0_2_00B8B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B813A3	0_2_00B813A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB23E0	0_2_00BB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8A300	0_2_00B8A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5C32D	0_2_00D5C32D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9049B	0_2_00B9049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B94487	0_2_00B94487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB64F0	0_2_00BB64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAC470	0_2_00BAC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B835B0	0_2_00B835B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B88590	0_2_00B88590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C5F0	0_2_00B9C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC86F0	0_2_00BC86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF620	0_2_00BBF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4666E	0_2_00D4666E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2E60D	0_2_00D2E60D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8652	0_2_00BC8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8164F	0_2_00B8164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5A7BD	0_2_00D5A7BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBE8A0	0_2_00BBE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5F8C8	0_2_00D5F8C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBB8C0	0_2_00BBB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB1860	0_2_00BB1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8A850	0_2_00B8A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC89A0	0_2_00BC89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA098B	0_2_00BA098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D50AD6	0_2_00D50AD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC7AB0	0_2_00BC7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CACAC5	0_2_00CACAC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8A80	0_2_00BC8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC4A40	0_2_00BC4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B87BF0	0_2_00B87BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D49B59	0_2_00D49B59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9DB6F	0_2_00B9DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF9B5B	0_2_00BF9B5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6CBF	0_2_00BC6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BACCD0	0_2_00BACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8C02	0_2_00BC8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C09C16	0_2_00C09C16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D53C0F	0_2_00D53C0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB9DD0	0_2_00CB9DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C29D52	0_2_00C29D52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BADD29	0_2_00BADD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAFD10	0_2_00BAFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA8D62	0_2_00BA8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D58D3B	0_2_00D58D3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B96EBF	0_2_00B96EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8BEB0	0_2_00B8BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B94E2A	0_2_00B94E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8E70	0_2_00BC8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAAE57	0_2_00BAAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D11FC5	0_2_00D11FC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E06F86	0_2_00E06F86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B88FD0	0_2_00B88FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC7FC0	0_2_00BC7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8AF10	0_2_00B8AF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B8CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B9D300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996132425742574

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BB8220 CoCreateInstance,

0_2_00BB8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2986496 > 1048576

Source: file.exe

Static PE information: Raw size of ugbetnis is bigger than: 0x100000 < 0x2afa00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.b80000.0.unpack :EW;.rsrc :W;.idata :W;ugbetnis:EW;nmfuvorh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;ugbetnis:EW;nmfuvorh:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2dab13 should be: 0x2e0b37

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: ugbetnis
Source: file.exe	Static PE information: section name: nmfuvorh
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7F06B push 472D0FD6h; mov dword ptr [esp], edi	0_2_00E7F108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7F06B push 59D9D71Bh; mov dword ptr [esp], ebp	0_2_00E7F135
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4306D push edi; mov dword ptr [esp], 5A37E455h	0_2_00C43106
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4306D push 383EA6A1h; mov dword ptr [esp], ebx	0_2_00C43150
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4306D push eax; mov dword ptr [esp], ebx	0_2_00C43178
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8703F push 6FEABE20h; mov dword ptr [esp], edx	0_2_00D87072
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push esi; mov dword ptr [esp], ebp	0_2_00D4D039
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push edi; mov dword ptr [esp], 7EDA5782h	0_2_00D4D07C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 4777AC65h; mov dword ptr [esp], eax	0_2_00D4D0D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push edi; mov dword ptr [esp], ebx	0_2_00D4D0F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 36BFE9E0h; mov dword ptr [esp], edi	0_2_00D4D107
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 5FD9CD7Ch; mov dword ptr [esp], esi	0_2_00D4D144
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push ebp; mov dword ptr [esp], 777F2C84h	0_2_00D4D169
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 058F03BCh; mov dword ptr [esp], eax	0_2_00D4D1CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push edx; mov dword ptr [esp], 735A606Bh	0_2_00D4D1D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push edi; mov dword ptr [esp], 567E7BD1h	0_2_00D4D224
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push ecx; mov dword ptr [esp], ebx	0_2_00D4D2E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 325E1001h; mov dword ptr [esp], edx	0_2_00D4D344
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push ecx; mov dword ptr [esp], ebp	0_2_00D4D35E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push esi; mov dword ptr [esp], 1FAB12A0h	0_2_00D4D38E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push esi; mov dword ptr [esp], edi	0_2_00D4D3D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 76F5C44Bh; mov dword ptr [esp], ebp	0_2_00D4D3F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 5FD7482Dh; mov dword ptr [esp], esi	0_2_00D4D442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 78029952h; mov dword ptr [esp], ebx	0_2_00D4D47B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push edx; mov dword ptr [esp], ebp	0_2_00D4D49A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 7F4E2BCEh; mov dword ptr [esp], eax	0_2_00D4D4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push ebp; mov dword ptr [esp], edx	0_2_00D4D4FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push ebx; mov dword ptr [esp], eax	0_2_00D4D53C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 35AE3E43h; mov dword ptr [esp], ebx	0_2_00D4D581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push edx; mov dword ptr [esp], 6D406487h	0_2_00D4D5DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4D02A push 4189E539h; mov dword ptr [esp], ecx	0_2_00D4D603

Source: file.exe

Static PE information: section name: entropy: 7.988947159062327

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE3D49 second address: BE3D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F5FAD07F446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6556F second address: D65593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jg 00007F5FACC61D06h 0x0000000c popad 0x0000000d jmp 00007F5FACC61D0Fh 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push esi 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B0FE second address: D4B102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6458C second address: D645A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5FACC61D0Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D645A2 second address: D645AF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D648BC second address: D648CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ecx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D648CC second address: D648DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F5FAD07F44Eh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D648DE second address: D648E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D648E2 second address: D648E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67714 second address: D6778E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5FACC61D0Dh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jns 00007F5FACC61D0Eh 0x00000014 jc 00007F5FACC61D08h 0x0000001a nop 0x0000001b mov dx, 7BF4h 0x0000001f push 00000000h 0x00000021 or dword ptr [ebp+122D3A78h], edx 0x00000027 xor dword ptr [ebp+122D1CCFh], ebx 0x0000002d push 9DDBF869h 0x00000032 pushad 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 pop edx 0x00000037 push ecx 0x00000038 jnc 00007F5FACC61D06h 0x0000003e pop ecx 0x0000003f popad 0x00000040 add dword ptr [esp], 62240817h 0x00000047 push 00000003h 0x00000049 movzx edx, dx 0x0000004c movsx edx, dx 0x0000004f push 00000000h 0x00000051 or edi, 50580213h 0x00000057 push 00000003h 0x00000059 push ecx 0x0000005a sub dword ptr [ebp+122D3640h], esi 0x00000060 pop edi 0x00000061 push AF458B63h 0x00000066 push eax 0x00000067 push edx 0x00000068 jc 00007F5FACC61D0Ch 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6778E second address: D67792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67792 second address: D677E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 6F458B63h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F5FACC61D08h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a cmc 0x0000002b mov dl, bh 0x0000002d lea ebx, dword ptr [ebp+124575CDh] 0x00000033 sub ecx, dword ptr [ebp+122D39AEh] 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f pop edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D677E7 second address: D677EC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6793D second address: D67992 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F5FACC61D08h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 mov edx, 6FA7CC7Ah 0x0000002b push 00000000h 0x0000002d mov edi, dword ptr [ebp+122D2D73h] 0x00000033 call 00007F5FACC61D09h 0x00000038 push esi 0x00000039 push ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67992 second address: D679A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a je 00007F5FAD07F446h 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D679A3 second address: D679D9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5FACC61D08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jng 00007F5FACC61D1Ah 0x00000014 pushad 0x00000015 jmp 00007F5FACC61D0Ch 0x0000001a jne 00007F5FACC61D06h 0x00000020 popad 0x00000021 mov eax, dword ptr [eax] 0x00000023 jng 00007F5FACC61D10h 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c pop eax 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D679D9 second address: D679E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D679E8 second address: D679EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CB36 second address: D4CB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CB3A second address: D4CB76 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5FACC61D06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F5FACC61D0Ch 0x00000014 jg 00007F5FACC61D06h 0x0000001a jmp 00007F5FACC61D17h 0x0000001f popad 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85A4B second address: D85A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FAD07F452h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85EDF second address: D85EEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F5FACC61D06h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86042 second address: D8608E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Ch 0x00000007 jng 00007F5FAD07F446h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F5FAD07F451h 0x00000014 pop esi 0x00000015 pushad 0x00000016 jmp 00007F5FAD07F44Fh 0x0000001b jmp 00007F5FAD07F44Ah 0x00000020 push esi 0x00000021 push eax 0x00000022 pop eax 0x00000023 pushad 0x00000024 popad 0x00000025 pop esi 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8608E second address: D86092 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86317 second address: D86336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5FAD07F446h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5FAD07F450h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86336 second address: D8633A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8633A second address: D86344 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86344 second address: D8635B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5FACC61D0Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8635B second address: D8635F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D865CC second address: D865F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D13h 0x00000009 pop eax 0x0000000a jmp 00007F5FACC61D0Ch 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D865F3 second address: D865F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D865F9 second address: D865FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D865FF second address: D86605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86605 second address: D86614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F5FACC61D06h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86A58 second address: D86A82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F453h 0x00000007 je 00007F5FAD07F446h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnp 00007F5FAD07F44Ah 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86A82 second address: D86A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86BFD second address: D86C35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5FAD07F454h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5FAD07F44Fh 0x00000015 jmp 00007F5FAD07F44Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86C35 second address: D86C39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86C39 second address: D86C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86C3F second address: D86C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D09A second address: D7D0A4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D0A4 second address: D7D0BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5FACC61D14h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8736C second address: D87375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87375 second address: D87388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5FACC61D0Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87514 second address: D8751A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8751A second address: D87520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8783F second address: D8784F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5FAD07F446h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A9D5 second address: D8A9DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F5FACC61D06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A9DF second address: D8AA0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F450h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5FAD07F457h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AC28 second address: D8AC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91BB4 second address: D91BD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F456h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F5FAD07F446h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91D36 second address: D91D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91D3C second address: D91D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D920F2 second address: D92112 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F5FACC61D10h 0x0000000e jmp 00007F5FACC61D0Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 jp 00007F5FACC61D06h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92112 second address: D92129 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F451h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D923CD second address: D923D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D923D1 second address: D923D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D923D9 second address: D923E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93F58 second address: D93F5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93F5E second address: D93F96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F5FACC61D15h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93F96 second address: D93F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93F9B second address: D93FD1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5FACC61D15h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jl 00007F5FACC61D0Eh 0x00000014 jne 00007F5FACC61D08h 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f jns 00007F5FACC61D06h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93FD1 second address: D93FD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94319 second address: D9431D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9431D second address: D94323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94CDD second address: D94D35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D12h 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c jc 00007F5FACC61D08h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 xchg eax, ebx 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F5FACC61D08h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 jo 00007F5FACC61D0Ch 0x00000036 sub edi, dword ptr [ebp+122D1D3Ch] 0x0000003c mov dword ptr [ebp+122D396Bh], edx 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94D35 second address: D94D3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94D3B second address: D94D40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95027 second address: D95045 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F456h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95045 second address: D95049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97A5F second address: D97A65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9B423 second address: D9B42D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F5FACC61D06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9B42D second address: D9B43B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9B43B second address: D9B442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9B442 second address: D9B44C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F5FAD07F446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C047 second address: D9C051 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F5FACC61D06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C051 second address: D9C055 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0178 second address: DA017C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA017C second address: DA018F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C976 second address: D9C97A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C97A second address: D9C97E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0360 second address: DA0364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1111 second address: DA111B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5FAD07F44Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0364 second address: DA036E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA111B second address: DA118B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edi, 7889AA80h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F5FAD07F448h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov bx, 57D4h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F5FAD07F448h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a mov edi, dword ptr [ebp+122D2D7Bh] 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 jmp 00007F5FAD07F44Eh 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA20FC second address: DA2101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA319D second address: DA31AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F5FAD07F446h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA41DD second address: DA4263 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5FACC61D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5FACC61D0Ah 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F5FACC61D08h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d jmp 00007F5FACC61D0Ah 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F5FACC61D08h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 0000001Ch 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e sub dword ptr [ebp+122D3880h], esi 0x00000054 push edx 0x00000055 cld 0x00000056 pop ebx 0x00000057 xchg eax, esi 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F5FACC61D15h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA51FF second address: DA5203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5203 second address: DA5207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5207 second address: DA520D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA520D second address: DA526C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F5FACC61D06h 0x00000009 jmp 00007F5FACC61D13h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 jnc 00007F5FACC61D0Ch 0x0000001a and ebx, dword ptr [ebp+122DB877h] 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push edx 0x00000025 call 00007F5FACC61D08h 0x0000002a pop edx 0x0000002b mov dword ptr [esp+04h], edx 0x0000002f add dword ptr [esp+04h], 0000001Ch 0x00000037 inc edx 0x00000038 push edx 0x00000039 ret 0x0000003a pop edx 0x0000003b ret 0x0000003c movzx edi, bx 0x0000003f push 00000000h 0x00000041 cmc 0x00000042 push eax 0x00000043 push edi 0x00000044 push edi 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA61AF second address: DA61B9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5FAD07F44Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA54B4 second address: DA54B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7178 second address: DA7195 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F459h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA63FE second address: DA6408 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5FACC61D0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7339 second address: DA7343 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA9049 second address: DA905C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5FACC61D0Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB0C6 second address: DAB0CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB0CA second address: DAB14F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5FACC61D0Fh 0x0000000e pop edx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F5FACC61D08h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a add di, 56D2h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F5FACC61D08h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b jmp 00007F5FACC61D15h 0x00000050 push 00000000h 0x00000052 mov dword ptr [ebp+122D35B8h], edx 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b push esi 0x0000005c pushad 0x0000005d popad 0x0000005e pop esi 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DACD32 second address: DACD39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DADD09 second address: DADD0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DADD0E second address: DADDB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F5FAD07F448h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 jmp 00007F5FAD07F44Eh 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007F5FAD07F448h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 00000018h 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 push 00000000h 0x00000047 push 00000000h 0x00000049 push edi 0x0000004a call 00007F5FAD07F448h 0x0000004f pop edi 0x00000050 mov dword ptr [esp+04h], edi 0x00000054 add dword ptr [esp+04h], 0000001Dh 0x0000005c inc edi 0x0000005d push edi 0x0000005e ret 0x0000005f pop edi 0x00000060 ret 0x00000061 xchg eax, esi 0x00000062 je 00007F5FAD07F452h 0x00000068 jg 00007F5FAD07F44Ch 0x0000006e push eax 0x0000006f jbe 00007F5FAD07F458h 0x00000075 push eax 0x00000076 push edx 0x00000077 jp 00007F5FAD07F446h 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DACFA1 second address: DACFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DACFA5 second address: DACFA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DADF1D second address: DADF22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAEF99 second address: DAEFA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F5FAD07F446h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56DCD second address: D56DD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FC0 second address: DB7FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FC6 second address: DB7FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FCA second address: DB7FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FCE second address: DB7FD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FD6 second address: DB7FE0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5FAD07F452h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8372 second address: DB8380 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5FACC61D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8380 second address: DB838A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB838A second address: DB838E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB838E second address: DB8392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBB965 second address: DBB969 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBB9F2 second address: DBB9F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBBAFE second address: DBBB08 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5FACC61D0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBBB08 second address: DBBB36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jns 00007F5FAD07F44Eh 0x0000000d jnl 00007F5FAD07F448h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F5FAD07F453h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBBB36 second address: DBBB6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push esi 0x0000000c jmp 00007F5FACC61D12h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC191A second address: DC191E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1E54 second address: DC1E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC229F second address: DC22A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC248F second address: DC2493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2493 second address: DC2497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2497 second address: DC24A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D795 second address: D9D7A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jl 00007F5FAD07F44Eh 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DB26 second address: D9DB70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 call 00007F5FACC61D13h 0x0000000e mov dword ptr [ebp+122D3606h], edi 0x00000014 pop edx 0x00000015 nop 0x00000016 pushad 0x00000017 push ecx 0x00000018 jnc 00007F5FACC61D06h 0x0000001e pop ecx 0x0000001f jnl 00007F5FACC61D16h 0x00000025 popad 0x00000026 push eax 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DB70 second address: D9DB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DB74 second address: D9DB78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DC76 second address: D9DCAE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 jnl 00007F5FAD07F446h 0x00000016 popad 0x00000017 jmp 00007F5FAD07F457h 0x0000001c popad 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DCAE second address: D9DCC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 js 00007F5FACC61D14h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DCC1 second address: D9DCC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DD7E second address: D9DD83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DE9F second address: D9DEA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DEA3 second address: D9DEE4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F5FACC61D06h 0x0000000d jmp 00007F5FACC61D0Bh 0x00000012 popad 0x00000013 popad 0x00000014 mov dword ptr [esp], eax 0x00000017 jnc 00007F5FACC61D08h 0x0000001d or di, A504h 0x00000022 push 00000004h 0x00000024 mov edx, dword ptr [ebp+1245EE53h] 0x0000002a nop 0x0000002b pushad 0x0000002c jns 00007F5FACC61D08h 0x00000032 pushad 0x00000033 popad 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DEE4 second address: D9DF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5FAD07F455h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E26F second address: D9E275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E275 second address: D9E2C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 0000001Eh 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F5FAD07F448h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D34D9h], ebx 0x0000002d mov dword ptr [ebp+122D3AE5h], ecx 0x00000033 nop 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F5FAD07F454h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E2C1 second address: D9E2C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E2C7 second address: D9E2CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E2CB second address: D9E2CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E642 second address: D9E646 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E646 second address: D9E64C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E64C second address: D9E652 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E652 second address: D9E6AE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F5FACC61D08h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 jng 00007F5FACC61D0Ch 0x00000029 mov dword ptr [ebp+122D1DCCh], esi 0x0000002f lea eax, dword ptr [ebp+1248D0C4h] 0x00000035 pushad 0x00000036 xor si, F0D5h 0x0000003b mov edx, dword ptr [ebp+12455764h] 0x00000041 popad 0x00000042 nop 0x00000043 pushad 0x00000044 push edi 0x00000045 jmp 00007F5FACC61D10h 0x0000004a pop edi 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E6AE second address: D9E6C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5FAD07F446h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F5FAD07F44Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E6C9 second address: D9E704 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov cx, 2C21h 0x0000000d lea eax, dword ptr [ebp+1248D080h] 0x00000013 add ecx, 4A162F87h 0x00000019 nop 0x0000001a jo 00007F5FACC61D1Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 push ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC6D4F second address: DC6D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC6D54 second address: DC6D5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jne 00007F5FACC61D06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC6EC3 second address: DC6EC9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC704E second address: DC7056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7056 second address: DC7060 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5FAD07F446h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7060 second address: DC706F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7485 second address: DC748B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC748B second address: DC7495 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5FACC61D06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D588BD second address: D588C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D588C1 second address: D588DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F5FACC61D0Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCCCDA second address: DCCCE6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5FAD07F44Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCCE77 second address: DCCE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D0Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCCE89 second address: DCCEAF instructions: 0x00000000 rdtsc 0x00000002 js 00007F5FAD07F448h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F5FAD07F446h 0x00000012 jmp 00007F5FAD07F454h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC89C second address: DCC8B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F5FACC61D06h 0x0000000d jno 00007F5FACC61D06h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC8B6 second address: DCC8BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD5EF second address: DCD5F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD7B3 second address: DCD7C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD7C3 second address: DCD7E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F5FACC61D06h 0x0000000a jmp 00007F5FACC61D18h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD7E5 second address: DCD7F9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F5FAD07F446h 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD989 second address: DCD991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCDC5D second address: DCDC61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCDC61 second address: DCDC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD114B second address: DD1152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1152 second address: DD1170 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5FACC61D18h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD53AD second address: DD53B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD53B1 second address: DD53BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD53BB second address: DD53BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD59B5 second address: DD59C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D0Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD59C6 second address: DD59ED instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5FAD07F448h 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5FAD07F453h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD5B52 second address: DD5B57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD5B57 second address: DD5B66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 js 00007F5FAD07F44Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD5B66 second address: DD5B8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 jnc 00007F5FACC61D06h 0x0000000f jmp 00007F5FACC61D14h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD5E77 second address: DD5E84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jne 00007F5FAD07F446h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6052 second address: DD6056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6056 second address: DD6093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5FAD07F446h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F5FAD07F44Ch 0x00000012 je 00007F5FAD07F446h 0x00000018 push edi 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d pop edi 0x0000001e popad 0x0000001f je 00007F5FAD07F46Eh 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F5FAD07F454h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6093 second address: DD6097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6097 second address: DD609D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD61DC second address: DD61E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD61E2 second address: DD61E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD61E6 second address: DD621B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F5FACC61D14h 0x0000000e jmp 00007F5FACC61D15h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD621B second address: DD6227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F5FAD07F446h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6227 second address: DD622B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD64CA second address: DD64D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD690D second address: DD6913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6913 second address: DD6917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6917 second address: DD695F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jne 00007F5FACC61D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F5FACC61D1Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jbe 00007F5FACC61D06h 0x0000001d jmp 00007F5FACC61D12h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD695F second address: DD6965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6965 second address: DD696B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD696B second address: DD6971 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6971 second address: DD6975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD9A10 second address: DD9A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5BEC7 second address: D5BEDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jg 00007F5FACC61D06h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB93C second address: DDB942 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB942 second address: DDB948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE6DE second address: DDE6EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE6EC second address: DDE6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE6F2 second address: DDE6F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE9A2 second address: DDE9E5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5FACC61D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F5FACC61D17h 0x00000012 jbe 00007F5FACC61D06h 0x00000018 popad 0x00000019 push esi 0x0000001a jmp 00007F5FACC61D15h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE9E5 second address: DDEA04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 jnp 00007F5FAD07F446h 0x0000000c jnc 00007F5FAD07F446h 0x00000012 pop eax 0x00000013 popad 0x00000014 jbe 00007F5FAD07F450h 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3A10 second address: DE3A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2E6E second address: DE2E9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Bh 0x00000007 jmp 00007F5FAD07F459h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2E9D second address: DE2EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE31A0 second address: DE31A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7066 second address: DE707B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D11h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE707B second address: DE707F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7324 second address: DE733C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F5FACC61D06h 0x00000012 jp 00007F5FACC61D06h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE733C second address: DE7340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7340 second address: DE734C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5FACC61D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE734C second address: DE7352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DECD01 second address: DECD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DECD05 second address: DECD09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DECD09 second address: DECD1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 js 00007F5FACC61D06h 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DECD1C second address: DECD26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DECD26 second address: DECD55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5FACC61D06h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push esi 0x00000010 jmp 00007F5FACC61D0Eh 0x00000015 pop esi 0x00000016 jc 00007F5FACC61D0Ch 0x0000001c jnp 00007F5FACC61D06h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEB7BB second address: DEB7C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEB7C1 second address: DEB7C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46158 second address: D4615E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEB936 second address: DEB946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 pushad 0x00000008 jc 00007F5FACC61D06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEB946 second address: DEB96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5FAD07F446h 0x0000000a jng 00007F5FAD07F446h 0x00000010 popad 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5FAD07F452h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E116 second address: D9E11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E11A second address: D9E12D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E12D second address: D9E169 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5FACC61D08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b cmc 0x0000000c push 00000004h 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F5FACC61D08h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov ecx, esi 0x0000002a mov dword ptr [ebp+122D3856h], eax 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push ecx 0x00000036 pop ecx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E169 second address: D9E173 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E173 second address: D9E181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5FACC61D0Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF2D1C second address: DF2D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF2E87 second address: DF2E93 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 ja 00007F5FACC61D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF317B second address: DF317F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF317F second address: DF318A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3447 second address: DF3457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5FAD07F44Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3457 second address: DF345D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF345D second address: DF3461 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3749 second address: DF3765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3765 second address: DF377E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F5FAD07F446h 0x0000000b js 00007F5FAD07F446h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF377E second address: DF3790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D0Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3790 second address: DF37AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnp 00007F5FAD07F446h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jns 00007F5FAD07F446h 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF37AC second address: DF37C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D18h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF48F0 second address: DF48F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF91D1 second address: DF91F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D0Eh 0x00000007 jc 00007F5FACC61D0Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF91F6 second address: DF91FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF91FC second address: DF921A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jbe 00007F5FACC61D19h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF921A second address: DF9222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA8B6 second address: DFA8BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA8BA second address: DFA8C4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5FAD07F446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFDE41 second address: DFDE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5FACC61D14h 0x0000000b popad 0x0000000c jns 00007F5FACC61D12h 0x00000012 jng 00007F5FACC61D08h 0x00000018 push eax 0x00000019 pop eax 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFDE85 second address: DFDE8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F5FAD07F446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFDE8F second address: DFDE9E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5FACC61D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E06C98 second address: E06C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E06C9E second address: E06CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F5FACC61D06h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F2B second address: E04F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FAD07F451h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F44 second address: E04F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D10h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5B second address: E04F62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0548A second address: E05495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E05495 second address: E054A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FAD07F44Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E05778 second address: E05786 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F5FACC61D06h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E05786 second address: E0578A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0578A second address: E05796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E05796 second address: E0579B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0579B second address: E057A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04A9B second address: E04AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04AA0 second address: E04AC2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push esi 0x00000007 jno 00007F5FACC61D06h 0x0000000d jp 00007F5FACC61D06h 0x00000013 pop esi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push edx 0x00000019 pop edx 0x0000001a ja 00007F5FACC61D06h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C1D3 second address: E0C1F0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5FAD07F446h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d ja 00007F5FAD07F44Ch 0x00000013 jp 00007F5FAD07F446h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C1F0 second address: E0C1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0FB57 second address: E0FB72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F456h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0FB72 second address: E0FB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0FB78 second address: E0FB7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D500F9 second address: D50110 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5FACC61D12h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D50110 second address: D50116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1DCCB second address: E1DCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1D825 second address: E1D82F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1D82F second address: E1D83E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D0Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1D83E second address: E1D84D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5FAD07F44Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E242C9 second address: E242D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E23CDE second address: E23CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F5FAD07F446h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2D2B9 second address: E2D2C5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5FACC61D0Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2F463 second address: E2F46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2F46D second address: E2F473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2F473 second address: E2F47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E33DB8 second address: E33DD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FACC61D12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E33DD7 second address: E33DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FAD07F454h 0x00000009 popad 0x0000000a push ebx 0x0000000b jo 00007F5FAD07F446h 0x00000011 jns 00007F5FAD07F446h 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E33DFE second address: E33E03 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35C8F second address: E35CC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F5FAD07F44Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5FAD07F456h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35CC1 second address: E35CC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF1D second address: E3DF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF21 second address: E3DF26 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3CD1B second address: E3CD24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3CE76 second address: E3CE88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5FACC61D0Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3CFF2 second address: E3CFF8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3CFF8 second address: E3CFFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E41693 second address: E416A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F44Bh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4B2F8 second address: E4B2FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4D0B8 second address: E4D0C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5FAD07F446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4D0C2 second address: E4D0DC instructions: 0x00000000 rdtsc 0x00000002 je 00007F5FACC61D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jnl 00007F5FACC61D06h 0x00000013 jbe 00007F5FACC61D06h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4D0DC second address: E4D0E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E611B2 second address: E611C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5FACC61D06h 0x0000000a popad 0x0000000b push edi 0x0000000c jp 00007F5FACC61D06h 0x00000012 pop edi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E63FF1 second address: E63FF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E63FF6 second address: E63FFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E63CF0 second address: E63CF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E63CF4 second address: E63CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E63CFA second address: E63D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F5FAD07F446h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E63D08 second address: E63D10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C793 second address: E7C7BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F5FAD07F446h 0x00000009 jmp 00007F5FAD07F456h 0x0000000e jp 00007F5FAD07F446h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7CC3C second address: E7CC50 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5FACC61D08h 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F5FACC61D06h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7CC50 second address: E7CC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D2B0 second address: E7D2C0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F5FACC61D0Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D430 second address: E7D436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D436 second address: E7D43A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D43A second address: E7D43E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7EDD1 second address: E7EDD7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4820B8E second address: 4820BD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F451h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f jmp 00007F5FAD07F44Eh 0x00000014 test ecx, ecx 0x00000016 jmp 00007F5FAD07F450h 0x0000001b jns 00007F5FAD07F494h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4820BD5 second address: 4820BD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4820BD9 second address: 4820BDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4820BDF second address: 4820BEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5FACC61D0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4820BEE second address: 4820C89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5FAD07F459h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d jmp 00007F5FAD07F44Eh 0x00000012 mov eax, dword ptr [eax+00000860h] 0x00000018 jmp 00007F5FAD07F450h 0x0000001d test eax, eax 0x0000001f jmp 00007F5FAD07F450h 0x00000024 je 00007F601F195560h 0x0000002a pushad 0x0000002b call 00007F5FAD07F44Eh 0x00000030 mov ch, 31h 0x00000032 pop edi 0x00000033 pushfd 0x00000034 jmp 00007F5FAD07F44Ch 0x00000039 or eax, 5906C468h 0x0000003f jmp 00007F5FAD07F44Bh 0x00000044 popfd 0x00000045 popad 0x00000046 test byte ptr [eax+04h], 00000005h 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d mov bx, 33D6h 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D96D60 second address: D96D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BE3C80 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BE3D9F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BE3C86 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D8AAA9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D9D477 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 2084

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2195582269.000000000056E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214899190.000000000056E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW-
Source: file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214770282.000000000050E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BC5BB0 LdrInitializeThunk,

0_2_00BC5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: eQProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/(	file.exe, 00000000.00000002.2214899190.0000000000565000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bathdoomgaz.store:443/apipg	file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000563000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site:443/api	file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://eaglepawnoy.store:443/api	file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site/api7	file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.c	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900&&	file.exe, 00000000.00000002.2214770282.0000000000545000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site:443/apii	file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/api	file.exe, 00000000.00000003.2195691419.000000000054E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.000000000054E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd883ccb3237fa39	file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.steampowered.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195691419.0000000000561000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214859085.0000000000561000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2214899190.0000000000583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2195582269.0000000000583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2195560224.00000000005CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538479
Start date and time:	2024-10-21 11:36:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
05:37:08	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	bin.armv7l.elf	Get hash	malicious	Mirai	Browse	104.115.251.102
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.569839379869739
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'986'496 bytes
MD5:	dc43c9288aea0674eedfbe45f76ce6cc
SHA1:	10bfb95432e5f7ae66ef733ff82f9754dbfdd058
SHA256:	96681940b7062345ddf56e494ee4f177098d5789c38eba3f6d751389a029d25a
SHA512:	433afb47105cbd4822c40111088e374556c0275fb92a292f654363135ebae5a009ed3dc9888fe6d8b404d71ba6e56eab6fdb0d6c5ab846686b1c088336e6a19d
SSDEEP:	49152:yhMyEE9g19hbLO/RJyNPF0kiog3DLwgUI/BVuXCFqtVnuqvO:yWZE9g1DbLO/RJcPFi3DEgUIJVuXCaN2
TLSH:	85D52A65644AB1CBD48E2B7C9567CEC3686D43FA072148D39C68BDBABE63CC011B9C1D
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................1...........@..........................@1.......-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x711000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5FAC7F7E6Ah
pshufw mm5, qword ptr [00000000h], 00h
jmp 00007F5FAC7F9E65h
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], ah
add byte ptr [eax], al
aam 8Fh
fmul qword ptr [edi]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [ecx], eax
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
or dword ptr [edx], ecx
add byte ptr [eax], al
or cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	0502a91de7b0e77507a6a6f2787b1ac1	False	0.9996132425742574	data	7.988947159062327	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ugbetnis	0x60000	0x2b0000	0x2afa00	57b11fbc4d980634ee50a8eac73f7280	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nmfuvorh	0x310000	0x1000	0x600	4fc342b023f964f297609bced9954253	False	0.5403645833333334	data	4.847282902054044	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x311000	0x3000	0x2200	bb08a69b1258b85a5e77454c3dd884e7	False	0.06399356617647059	DOS executable (COM)	0.7896312487876562	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-21T11:37:09.115957+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.6	61633	1.1.1.1	53	UDP
2024-10-21T11:37:09.129063+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.6	52867	1.1.1.1	53	UDP
2024-10-21T11:37:09.141421+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.6	53030	1.1.1.1	53	UDP
2024-10-21T11:37:09.153895+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.6	62675	1.1.1.1	53	UDP
2024-10-21T11:37:09.166262+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.6	53312	1.1.1.1	53	UDP
2024-10-21T11:37:09.179095+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.6	56684	1.1.1.1	53	UDP
2024-10-21T11:37:09.192144+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.6	54440	1.1.1.1	53	UDP
2024-10-21T11:37:09.203784+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.6	55726	1.1.1.1	53	UDP
2024-10-21T11:37:10.811890+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49711	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 11:37:09.241008043 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:09.241064072 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:09.241240978 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:09.244077921 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:09.244096994 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.201770067 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.201901913 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.204386950 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.204396963 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.204667091 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.247065067 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.252321959 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.299417973 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.811932087 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.811960936 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812004089 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812027931 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812048912 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812064886 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.812091112 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812113047 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.812146902 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.812711000 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812762976 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812783003 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.812789917 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812803030 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.812832117 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.812855959 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.815227032 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.815242052 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 21, 2024 11:37:10.815253019 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 21, 2024 11:37:10.815258980 CEST	443	49711	104.102.49.254	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 11:37:09.115957022 CEST	61633	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.125046968 CEST	53	61633	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.129062891 CEST	52867	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.138958931 CEST	53	52867	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.141421080 CEST	53030	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.151236057 CEST	53	53030	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.153894901 CEST	62675	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.163829088 CEST	53	62675	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.166261911 CEST	53312	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.176666021 CEST	53	53312	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.179095030 CEST	56684	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.189217091 CEST	53	56684	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.192143917 CEST	54440	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.201179028 CEST	53	54440	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.203783989 CEST	55726	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.222758055 CEST	53	55726	1.1.1.1	192.168.2.6
Oct 21, 2024 11:37:09.227453947 CEST	59873	53	192.168.2.6	1.1.1.1
Oct 21, 2024 11:37:09.236263990 CEST	53	59873	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 21, 2024 11:37:09.115957022 CEST	192.168.2.6	1.1.1.1	0x824b	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.129062891 CEST	192.168.2.6	1.1.1.1	0x4a85	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.141421080 CEST	192.168.2.6	1.1.1.1	0x810b	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.153894901 CEST	192.168.2.6	1.1.1.1	0x84a	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.166261911 CEST	192.168.2.6	1.1.1.1	0x608e	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.179095030 CEST	192.168.2.6	1.1.1.1	0x6c2d	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.192143917 CEST	192.168.2.6	1.1.1.1	0x5448	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.203783989 CEST	192.168.2.6	1.1.1.1	0x80d0	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.227453947 CEST	192.168.2.6	1.1.1.1	0x33ad	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 21, 2024 11:37:09.125046968 CEST	1.1.1.1	192.168.2.6	0x824b	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.138958931 CEST	1.1.1.1	192.168.2.6	0x4a85	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.151236057 CEST	1.1.1.1	192.168.2.6	0x810b	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.163829088 CEST	1.1.1.1	192.168.2.6	0x84a	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.176666021 CEST	1.1.1.1	192.168.2.6	0x608e	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.189217091 CEST	1.1.1.1	192.168.2.6	0x6c2d	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.201179028 CEST	1.1.1.1	192.168.2.6	0x5448	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.222758055 CEST	1.1.1.1	192.168.2.6	0x80d0	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 11:37:09.236263990 CEST	1.1.1.1	192.168.2.6	0x33ad	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	104.102.49.254	443	4876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-21 09:37:10 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-21 09:37:10 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 21 Oct 2024 09:37:10 GMT Content-Length: 25258 Connection: close Set-Cookie: sessionid=b2ccaf742db2c221676d7547; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd883ccb3237fa39d2837163d0f38217b; Path=/; Secure; HttpOnly; SameSite=None
2024-10-21 09:37:10 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-21 09:37:10 UTC	10765	IN	Data Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 62 75 6c 67 61 72 69 61 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 62 75 6c 67 61 72 69 61 6e 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e d0 91 d1 8a d0 bb d0 b3 d0 b0 d1 80 d1 81 d0 ba d0 b8 20 28 42 75 6c 67 61 72 69 61 6e 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 63 7a 65 63 68 22 20 6f 6e 63 6c 69 63 Data Ascii: <a class="popup_menu_item tight" href="?l=bulgarian" onclick="ChangeLanguage( 'bulgarian' ); return false;"> (Bulgarian)</a><a class="popup_menu_item tight" href="?l=czech" onclic

Target ID:	0
Start time:	05:37:05
Start date:	21/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xb80000
File size:	2'986'496 bytes
MD5 hash:	DC43C9288AEA0674EEDFBE45F76CE6CC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	62.7%
Total number of Nodes:	51
Total number of Limit Nodes:	6

Executed Functions

Function 00BC50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00BC5182

Strings

@^, xrefs: 00BC5120
<I$), xrefs: 00BC5198
<I$), xrefs: 00BC52E3

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 43e65da185654fcbc0346d128c2f1a17ad2a22c8f05d57a43626eb8fee92aed2
Instruction ID: 09e64392e29b03fdcda0a476cbede53e505ced8b162b4034bbb0daee62bf7047
Opcode Fuzzy Hash: 43e65da185654fcbc0346d128c2f1a17ad2a22c8f05d57a43626eb8fee92aed2
Instruction Fuzzy Hash: 66219D351093848FC300DF68D890B6AF7F4AB6A300FA9482CE1C5E7352EB36D955CB56

Function 00B8FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 00B8FEDC
J|BJ, xrefs: 00B9000D
t, xrefs: 00B8FCBE
VY^_, xrefs: 00B8FDFF

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 7631f038be55bfea047f8c0f819d500837e84645631662b34b6633bf33bff8aa
Instruction ID: 5d50f154057bad4d543b684a01932153009558ba0468f906e588560c934bba39
Opcode Fuzzy Hash: 7631f038be55bfea047f8c0f819d500837e84645631662b34b6633bf33bff8aa
Instruction Fuzzy Hash: 4DD1767451D3919FD710EF14949062FBBE1EB92B48F1888ACF4C99B262D336CD09DB92

Function 00B8D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00B8D2F0

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 9ce9979f25b4ce0e31f7a4e509d42d4a19aa5c89e2215c97e65739661667ab95
Instruction ID: 7304d967adf531e208094ac02561691bd4c9be5b99ca2693fe59dac2ce62c107
Opcode Fuzzy Hash: 9ce9979f25b4ce0e31f7a4e509d42d4a19aa5c89e2215c97e65739661667ab95
Instruction Fuzzy Hash: 6D41107040D280ABD601BF68D584A2EFBF5EF92705F148C9DE5C49B2A2C236D814CB6B

Function 00BC5700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00BC5784

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 59d9073753bd74bcf89bc0271f0851ad235ca2041465a3a251f2ad6471bb4b59
Instruction ID: 0616816b8b46e448287b64dcb1bb1623772054f1b88a6587d782e7ae0a91bee6
Opcode Fuzzy Hash: 59d9073753bd74bcf89bc0271f0851ad235ca2041465a3a251f2ad6471bb4b59
Instruction Fuzzy Hash: BB118C7591D640EBC311AF28E854E1BFBE5AF86B10F05886DE4C49B212D735E850CB93

Function 00BC5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00BC973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00BC5BDE

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00BC695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00BC69C5

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 9a3edcd141732307c6d9f2593270d54bab0f005b345e512ff8c79bd6c2dfd794
Instruction ID: cfcb45cd6616d67b93ae1ffc2e3e1e45cf800d6602aa91b0cc578059cc081eb3
Opcode Fuzzy Hash: 9a3edcd141732307c6d9f2593270d54bab0f005b345e512ff8c79bd6c2dfd794
Instruction Fuzzy Hash: EA31A8B16083018FD718DF14C8A0B2AB7F1EF88344F58986DF5C6972A1E7389904CB66

Function 00B9049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c394e913eb1e53ccdb27cce42a310f1e73e03becf9202dee42503343923bb9
Instruction ID: d07e20f05b27cdf85d6ccd386efca73696d3b55103744163d08d232baceac005
Opcode Fuzzy Hash: e5c394e913eb1e53ccdb27cce42a310f1e73e03becf9202dee42503343923bb9
Instruction Fuzzy Hash: 9A917B75200B01CFD724CF25E894A26B7F6FF89310B118ABDE8568BAA1DB30F815CB50

Function 00B90228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 453e27abc74121aae56f421a0325746e13e1536dfdfb341ccd316f4ed192d574
Instruction ID: 17f48b799ac6273a9e8d757685ce5e73f1b211950f33cddb414dd983fb4dd709
Opcode Fuzzy Hash: 453e27abc74121aae56f421a0325746e13e1536dfdfb341ccd316f4ed192d574
Instruction Fuzzy Hash: 9B716874201701DFDB248F25E894F26B7F6FF89714F1089BDE8968B662DB31A815CB60

Function 00BC99D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c2b86e5345bed9f03a715b27848ff248a0ad206683c832f0ed5ee3e0c0ad64d
Instruction ID: 1770ad20757e9a199d57fddfbd7b5590d82dae31952fc0f357140c88dc8bef97
Opcode Fuzzy Hash: 0c2b86e5345bed9f03a715b27848ff248a0ad206683c832f0ed5ee3e0c0ad64d
Instruction Fuzzy Hash: 27419C34209300ABE7249E15E894F2BF7E6EB85714F2488ACF58A97251D331EC01CB66

Function 00BC63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 236ffe2e57c10411036672e84a17e46c593246bdbdb0ae4bac89445191240c35
Instruction ID: 22827278d9b5023ac0d3cf189b58572772408cfdf822671432505c8bf8a41afb
Opcode Fuzzy Hash: 236ffe2e57c10411036672e84a17e46c593246bdbdb0ae4bac89445191240c35
Instruction Fuzzy Hash: C831D270649301BBD628DB08CD92F3AB7E5EB81B11F64855CF1C19B2E1D770AC118B56

Function 00B90EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50bc6d66171b342edd88bce33c4ff9ad13ff7ceedf84b0bc7153b95155c9c7a5
Instruction ID: 0bdcc6f7a0057921525dca94c88e8f4ef467fef490d22581685328fed0bbe738
Opcode Fuzzy Hash: 50bc6d66171b342edd88bce33c4ff9ad13ff7ceedf84b0bc7153b95155c9c7a5
Instruction Fuzzy Hash: 3C2137B590021A9FEF15CF94CC90BBEBBB2FF4A304F144859E811BB292C735A901CB64

Function 00BC3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00BC32A6

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: f9b5a2dbb9ea9c4fe41c60260778245b42cd97f4ef2cd1ecc224b5118c240f76
Instruction ID: 56df74ec7848c895f2332eab7670db35ce855130474bbc0249b9d6e41bd07be1
Opcode Fuzzy Hash: f9b5a2dbb9ea9c4fe41c60260778245b42cd97f4ef2cd1ecc224b5118c240f76
Instruction Fuzzy Hash: FB018B3050D2409BC700AB18E854E1AFBE8EF4AB00F45885CE4C48B321D635DC60CBA2

Function 00BC3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00BC3208

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1bf67efe1efce38745d98f239bc8937d458abb7e48f31da6e70501fb3c2dbdd1
Instruction ID: 42d061c8a2226d1bbb2c028c4ccae771e40de0bd8fdc9fe276af38a2532e7e24
Opcode Fuzzy Hash: 1bf67efe1efce38745d98f239bc8937d458abb7e48f31da6e70501fb3c2dbdd1
Instruction Fuzzy Hash: BFB012301400005FDA041B00EC0AF003610EB00605F800090A100050B1E5615C64C554

Non-executed Functions

Function 00BB23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

fedc, xrefs: 00BB2782
aenQ, xrefs: 00BB276A
ggxz, xrefs: 00BB2685
|}&C, xrefs: 00BB2F21
%*+(, xrefs: 00BB40EF
Cx, xrefs: 00BB453D
3<, xrefs: 00BB32D6
f@~!, xrefs: 00BB25FF
#v, xrefs: 00BB344B, 00BB4861
:, xrefs: 00BB32DD
`tii, xrefs: 00BB2693
{l`~, xrefs: 00BB268C
mlc@, xrefs: 00BB275C

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
API String ID: 0-2260822535
Opcode ID: 1208f619779e1bf3a8a93ac523118cc23bb612ad67253110c77c6e6cdd8e0a1f
Instruction ID: 881a8cf8f296e3e1ba58927ce9ec0d2ab584c75ba26e2d1eead076e29a269e6f
Opcode Fuzzy Hash: 1208f619779e1bf3a8a93ac523118cc23bb612ad67253110c77c6e6cdd8e0a1f
Instruction Fuzzy Hash: 7533AB70504B818FD7258F38C590BA2BBE1FF16304F58899DE4DA8BB92C775E906CB61

Function 00B9DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

89>?, xrefs: 00B9E9F6
mjkh, xrefs: 00B9E7D8
AR, xrefs: 00B9DD10
dcba, xrefs: 00B9E728
DCBA, xrefs: 00B9E887, 00B9E896
T, xrefs: 00B9F157
:WUE, xrefs: 00B9F6B7, 00B9F6C6
89&', xrefs: 00B9E93B
<=2, xrefs: 00B9EA01
`Y^_, xrefs: 00B9E99E
`onm, xrefs: 00B9E733
%*+(, xrefs: 00B9DE37, 00B9DE46
xgfe, xrefs: 00B9E71D
@ONM, xrefs: 00B9E6DB
lkji, xrefs: 00B9E73E
tsrq, xrefs: 00B9E6FC
()./, xrefs: 00B9E9CA
QNOL, xrefs: 00B9E775
D, xrefs: 00B9E846
tuJK, xrefs: 00B9E967
<=:;, xrefs: 00B9E930
LKJI, xrefs: 00B9E6E6
|, xrefs: 00B9ECB1
WP, xrefs: 00B9DCEF

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 6a495a843dabae12fb6abb3fd303294d3b819dbc31dbedd627a5d106e0a8f5d5
Instruction ID: e9726d6afd30c04a198be9daed983f1e56a673b4b3a2b475c21133bcd2352034
Opcode Fuzzy Hash: 6a495a843dabae12fb6abb3fd303294d3b819dbc31dbedd627a5d106e0a8f5d5
Instruction Fuzzy Hash: FDF278B05093829BDB70CF14C484BABBBE6FFD5314F5448ADE4D98B251EB319984CB92

Function 00BA9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

S], xrefs: 00BAA636
WH, xrefs: 00BAAA1C
_Y, xrefs: 00BAA641
CG, xrefs: 00BAAA32
sm, xrefs: 00BAA830
?m,o, xrefs: 00BAA13C
kW, xrefs: 00BAA380
(a*c, xrefs: 00BAA147
=], xrefs: 00BAA36A
JG, xrefs: 00BAAA27
WQ, xrefs: 00BAA62B
hi, xrefs: 00BAAB9D
/), xrefs: 00BAA66D
N[, xrefs: 00BAA375
%e6g, xrefs: 00BAA152
]{, xrefs: 00BAA1E7, 00BAA1F3
Gt, xrefs: 00BA9FF8

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: c749a10b2fbeaf0897e0c2ac0aeb21d5279b810c160d1074fb6050e787a2dd4f
Instruction ID: 9c8ac6bc4bc760f98b82a8b9aace026fa51854f0a2ffe8e6b0800d520261bd1f
Opcode Fuzzy Hash: c749a10b2fbeaf0897e0c2ac0aeb21d5279b810c160d1074fb6050e787a2dd4f
Instruction Fuzzy Hash: BB52C6B414D385CAE270CF25D581B8EBAF1BB92740F608A1DE1ED9B255DB708045CFA3

Function 00BA9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

,A&C, xrefs: 00BA982E
B7U1, xrefs: 00BA9AFB
8;, xrefs: 00BA9B13
pq, xrefs: 00BA99E0
G+X5, xrefs: 00BA9AF3
2A"_, xrefs: 00BA9980
!E4G, xrefs: 00BA9836
?M0K, xrefs: 00BA9968
L3Y=, xrefs: 00BA9B03
;IJK, xrefs: 00BA983E
z=Q?, xrefs: 00BA9826
X/R), xrefs: 00BA9AEB
G'M!, xrefs: 00BA9ADB
O+f), xrefs: 00BA9634, 00BA963D
B?Q9, xrefs: 00BA9B0B
T#a-, xrefs: 00BA9AE3

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 819ae6db6e2dcaa815971b71f332abb680695888d210f709799d7bf89c84bc6e
Instruction ID: eb1f26242b4cf9ec7a635fdec056d9e5a475001c7314e95f8ae34b2663d5a7dd
Opcode Fuzzy Hash: 819ae6db6e2dcaa815971b71f332abb680695888d210f709799d7bf89c84bc6e
Instruction Fuzzy Hash: 69F14EB4508380ABD310DF15D881A2BBBF4FB96B88F144D5CF4D99B252E334D908DBA6

Function 00BADD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

hX]N, xrefs: 00BADDC7
{E, xrefs: 00BAE323
n\+H, xrefs: 00BADDC0
%*+(, xrefs: 00BAE143
upH}, xrefs: 00BADE8A, 00BAE798, 00BADF4A
)IgK, xrefs: 00BAE261
=]+_, xrefs: 00BAE276
-M2O, xrefs: 00BAE25A
<Y.[, xrefs: 00BAE27D
,Q?S, xrefs: 00BAE26F
Y9N;, xrefs: 00BAE245

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 7be869229686cbaf1fe970b9a948ee5b49468f7d433d0cefc13855939a0cb1b7
Instruction ID: fc8f07cfd5ce78045a08d5bd40ba8d560f62ecd832dac0230be1aea056ee9245
Opcode Fuzzy Hash: 7be869229686cbaf1fe970b9a948ee5b49468f7d433d0cefc13855939a0cb1b7
Instruction Fuzzy Hash: 3092E271E05205CFDB14CF68D8916AEBBF2FF4A310F2985A9E416AB391D7359D01CB90

Function 00D53C0F Relevance: 14.2, Strings: 10, Instructions: 1667COMMON

Download Yara Rule

Strings

%%=g, xrefs: 00D546D2
{OvP, xrefs: 00D54D51
?g>b, xrefs: 00D548AC
U}o, xrefs: 00D53E6C
Yb_y, xrefs: 00D54C2A
R 9], xrefs: 00D54DF1
;fw, xrefs: 00D549D9
Op|=, xrefs: 00D54396
:fw, xrefs: 00D5480E
"Jg], xrefs: 00D54789

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: "Jg]$%%=g$:fw$;fw$?g>b$Op|=$R 9]$Yb_y${OvP$U}o
API String ID: 0-2967441848
Opcode ID: 9fc393648bf6a0ef261980a9282f485874c502440afee9e9d0dcf41dd34cc205
Instruction ID: 2d46534897766c69cded23127f7c74055452d4b8cf33f2e5e877adca40326fb2
Opcode Fuzzy Hash: 9fc393648bf6a0ef261980a9282f485874c502440afee9e9d0dcf41dd34cc205
Instruction Fuzzy Hash: ACB239F3A082009FE7086E2DEC8567ABBD9EFD4320F1A493DEAC5C7344E97558058697

Function 00D5C32D Relevance: 11.6, Strings: 8, Instructions: 1601COMMON

Download Yara Rule

Strings

3B?, xrefs: 00D5C73D
!]7W, xrefs: 00D5D10B
I5W1, xrefs: 00D5D4EC
XAm., xrefs: 00D5D0DE
-?, xrefs: 00D5CEB4
!]7W, xrefs: 00D5D117
Z'mn, xrefs: 00D5D0ED
SGw, xrefs: 00D5C572

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: SGw$!]7W$!]7W$3B?$I5W1$XAm.$Z'mn$-?
API String ID: 0-3788050508
Opcode ID: 74fab75caf6985ed600f5683e256e871527afe0b407dbf24a983edcb898d3ddf
Instruction ID: 0f9d354709e82b4f7bcc3df96eedeb44f002cf97f1af62a319376aec6e98569f
Opcode Fuzzy Hash: 74fab75caf6985ed600f5683e256e871527afe0b407dbf24a983edcb898d3ddf
Instruction Fuzzy Hash: A2B208F360C204AFE304AE2DDC8567AB7E9EF94720F1A493DEAC4C3744EA7558058697

Function 00D4D02A Relevance: 11.6, Strings: 8, Instructions: 1590COMMON

Download Yara Rule

Strings

\_z, xrefs: 00D4D0D8
@En, xrefs: 00D4DA85
B#, xrefs: 00D4E31F
*o?, xrefs: 00D4E146
<gs, xrefs: 00D4D946
*7m, xrefs: 00D4DB88
rj~, xrefs: 00D4D06A
PK?, xrefs: 00D4D0BF

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: *o?$*7m$@En$PK?$rj~$<gs$B#$\_z
API String ID: 0-3377199848
Opcode ID: a35d9be36c9228c3f76d6abab044b505e028a7bf9dd8d6553eb368483cfb9bc1
Instruction ID: b3bb12ca989fd5366cc64aedc0cf5d9f719a593bae80c3dfdbf8c720d5aebd19
Opcode Fuzzy Hash: a35d9be36c9228c3f76d6abab044b505e028a7bf9dd8d6553eb368483cfb9bc1
Instruction Fuzzy Hash: 7CB2E3F3A0C2149FE304AE2DEC8167AFBE5EF94620F164A3DEAC4C7744E63558058697

Function 00BA098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

{, xrefs: 00BA1502
qrqp, xrefs: 00BA1089
%*+(, xrefs: 00BA0A77, 00BA0A86
9.5^, xrefs: 00BA0F9F
gce/, xrefs: 00BA1073
&> &, xrefs: 00BA0F89
,#15, xrefs: 00BA0F94
cah`, xrefs: 00BA107E

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 5c4d0e8994414ddc6874c6d86129dde76bdf90181c4e0dba5b73aa1323eafd6e
Instruction ID: 28267ef06aa00ab49bd61c916fba1f665066c5a4a68b6b1a5384bb4b831a41ab
Opcode Fuzzy Hash: 5c4d0e8994414ddc6874c6d86129dde76bdf90181c4e0dba5b73aa1323eafd6e
Instruction Fuzzy Hash: 2962A8B56183818BD330DF18D891BABBBE1FF96314F084D6DE49A8B681E7359844CB53

Function 00B81000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B822E1
gfff, xrefs: 00B82226
0123456789ABCDEFXP, xrefs: 00B8157D, 00B815EB
gfff, xrefs: 00B82297
@, xrefs: 00B82C40
-, xrefs: 00B821ED
0123456789abcdefxp, xrefs: 00B81587, 00B815F8

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 7d3f685c61742a98ebea93d3e59fdd046edd0e4d3d904e947765e1d882a78e00
Instruction ID: cbe486f41cb36e29a4610bc80a03646f3d6c5e9750c4b837bd8ac9c94a5d1213
Opcode Fuzzy Hash: 7d3f685c61742a98ebea93d3e59fdd046edd0e4d3d904e947765e1d882a78e00
Instruction Fuzzy Hash: F1D2F4716083418FD718DF28C49436ABBE2EFD5714F188AADE499C73A1D734D945CB82

Function 00D50AD6 Relevance: 10.0, Strings: 7, Instructions: 1265COMMON

Download Yara Rule

Strings

BMmN, xrefs: 00D5106F
<[], xrefs: 00D50B2C
Pa~, xrefs: 00D50F07
,Qg, xrefs: 00D51209
+wvU, xrefs: 00D5135F
wheo, xrefs: 00D50BB5
2], xrefs: 00D50DBC

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 2]$+wvU$,Qg$<[]$BMmN$Pa~$wheo
API String ID: 0-167352775
Opcode ID: f1c3d9ccdd4171e85dd9dc21dcb7c125345b9271464cb54ec5b4bef07b576654
Instruction ID: a5afbd56975bdd8486b9030199781d4a99f59667f9f38b1d39bd96725f9a26a0
Opcode Fuzzy Hash: f1c3d9ccdd4171e85dd9dc21dcb7c125345b9271464cb54ec5b4bef07b576654
Instruction Fuzzy Hash: CC823AF390C204AFE3086E2DEC4577ABBE9EF94720F1A463DEAC4C7744E93558058696

Function 00D4811A Relevance: 9.1, Strings: 6, Instructions: 1618COMMON

Download Yara Rule

Strings

T^yo, xrefs: 00D49079
IoU, xrefs: 00D488A0
a6em, xrefs: 00D48C5D
qs_S, xrefs: 00D4940B
B]fh, xrefs: 00D49276
$DY{, xrefs: 00D48940

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: $DY{$B]fh$IoU$T^yo$a6em$qs_S
API String ID: 0-2813603083
Opcode ID: 5bf87872bd4febb491c30ce21f4db854f6bd0b9a30fb790a046fd68c77fbc36c
Instruction ID: f3c25774d881abe3d081f35011f169a9973baa1077cac37d8b977e8a82f0ad24
Opcode Fuzzy Hash: 5bf87872bd4febb491c30ce21f4db854f6bd0b9a30fb790a046fd68c77fbc36c
Instruction Fuzzy Hash: D4B217F360C2049FE3046E29EC8567AB7E9EFD4720F1A893DE6C483744EA3598458797

Function 00D49B59 Relevance: 9.1, Strings: 6, Instructions: 1602COMMON

Download Yara Rule

Strings

r5}, xrefs: 00D4A363
@]r, xrefs: 00D4A108
\{o, xrefs: 00D4A179
a>4{, xrefs: 00D49DFE
L%, xrefs: 00D4A1FE
"No~, xrefs: 00D4A06B

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: "No~$L%$a>4{$r5}$@]r$\{o
API String ID: 0-1861230596
Opcode ID: 65c71a458c14e008ae982c874d724b5a618d1be5bbf65a9f4405dff03af92fb1
Instruction ID: 7dfa0222759d9676818dade66c1cce892718eb90b9b84845efabff4edcf35a77
Opcode Fuzzy Hash: 65c71a458c14e008ae982c874d724b5a618d1be5bbf65a9f4405dff03af92fb1
Instruction Fuzzy Hash: 41B202F360C2049FE304AE2DEC8567ABBE9EF94620F1A493DE6C4C7744E63598058697

Function 00D4666E Relevance: 9.1, Strings: 6, Instructions: 1589COMMON

Download Yara Rule

Strings

d{>, xrefs: 00D46F54
=(~, xrefs: 00D476A3
`03?, xrefs: 00D46A9A
X\>, xrefs: 00D47948
`m, xrefs: 00D4740E
!77[, xrefs: 00D47319

Memory Dump Source

Source File: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: !77[$=(~$`03?$X\>$`m$d{>
API String ID: 0-1917224074
Opcode ID: 8842cc4376ab4c50ba64a448068b76b04e087a7462905d7a6cd553f619652316
Instruction ID: 33f18fedf3c18d128a6f25db7bd59fe1d3d8a73cddd76e6a9ad8feb67e278931
Opcode Fuzzy Hash: 8842cc4376ab4c50ba64a448068b76b04e087a7462905d7a6cd553f619652316
Instruction Fuzzy Hash: 0CB206F360C2049FE3046E2DEC8567ABBE9EF94720F1A493DE6C5C3744EA7598018697

Function 00D5A7BD Relevance: 7.9, Strings: 5, Instructions: 1669COMMON

Download Yara Rule

Strings

.bw, xrefs: 00D5B572
T1, xrefs: 00D5BA56
:mvv, xrefs: 00D5ADDA
0sw6, xrefs: 00D5AC3E
={_, xrefs: 00D5B00B

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: .bw$0sw6$:mvv$={_$T1
API String ID: 0-4108090034
Opcode ID: a1bed9e5ce5c189c8c688e09feec79efb7d2cc02850af4f9c2b0bdfbfd72909e
Instruction ID: 5ac373aededb051fcb3fff55881073d5b4e6b10da5b33ace617201e65f904667
Opcode Fuzzy Hash: a1bed9e5ce5c189c8c688e09feec79efb7d2cc02850af4f9c2b0bdfbfd72909e
Instruction Fuzzy Hash: 70B228F3A0C2009FE7046E2DEC8567ABBE9EF94720F1A463DE6C4C7740E67598058697

Function 00D58D3B Relevance: 7.9, Strings: 5, Instructions: 1619COMMON

Download Yara Rule

Strings

"(~, xrefs: 00D59763
&7;, xrefs: 00D59725
<5q, xrefs: 00D58D98
Fgo3, xrefs: 00D5958F
=W7, xrefs: 00D58EA4

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: "(~$&7;$<5q$Fgo3$=W7
API String ID: 0-2980778735
Opcode ID: 89f072c07fae6ab5e63c4d2f271cc82572f2e23ad561760eee94afb66c0e1cc3
Instruction ID: 1d067b1ab9b9590f357e03013739c586fef477a30b4b0a243214f728db6a8234
Opcode Fuzzy Hash: 89f072c07fae6ab5e63c4d2f271cc82572f2e23ad561760eee94afb66c0e1cc3
Instruction Fuzzy Hash: 21B218F3A0C204AFE3046E29EC4567AFBE9EFD4720F1A853DE6C4C3744E67558058696

Function 00B812F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 00B828EA
0, xrefs: 00B8243E
@, xrefs: 00B83531
0, xrefs: 00B81DC1
0, xrefs: 00B81E88

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 4baaee592145c3c976584f97271037b05dfcd7418745303dac9fb654a1ec44d5
Instruction ID: e4d497bf8cf663f484bec19804c79b20271b9f415a4cad48611634a26904adac
Opcode Fuzzy Hash: 4baaee592145c3c976584f97271037b05dfcd7418745303dac9fb654a1ec44d5
Instruction Fuzzy Hash: D762C07160D3818FC718EF28C49076ABBE1EF95304F188EADE8D9972A1D774D945CB82

Function 00B8164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B81F57
0123456789ABCDEFXP, xrefs: 00B8164F
+, xrefs: 00B81573
gfff, xrefs: 00B81F3C
0123456789abcdefxp, xrefs: 00B81659

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: b9f3854ff6c43131956478632540d7796eb333c25a485ccca54f5fb2a905c136
Instruction ID: cd3a6f8e34b4dd6a1ef55b3f9089a15cf51f299a3eef1074dd4c69f157ef9fc4
Opcode Fuzzy Hash: b9f3854ff6c43131956478632540d7796eb333c25a485ccca54f5fb2a905c136
Instruction Fuzzy Hash: 6CF1AF3160D3818FC719DF28C49466AFBE2AFD9304F188AADE4D987362D734D945CB92

Function 00B813A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B81F57
0123456789ABCDEFXP, xrefs: 00B813A3
gfff, xrefs: 00B81F3C
-, xrefs: 00B81F23
0123456789abcdefxp, xrefs: 00B813AD

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: e4d88610ddb5dcf4e5785c4bbea653e2e908c8c63c956a9a92ca4175e7ac7280
Instruction ID: fc5c10780a36f8ae24ce3e2484bb88ddc2bd964d524eb518c22d816578092996
Opcode Fuzzy Hash: e4d88610ddb5dcf4e5785c4bbea653e2e908c8c63c956a9a92ca4175e7ac7280
Instruction Fuzzy Hash: 3AD1BF3160D7818FC719DF29C48066AFBE2AFD9304F08CAADE4D987362D634D949CB52

Function 00D572AB Relevance: 6.6, Strings: 4, Instructions: 1610COMMON

Download Yara Rule

Strings

e>?w, xrefs: 00D5802E
9E{, xrefs: 00D57866
G:\, xrefs: 00D57474
V?, xrefs: 00D57591

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 9E{$G:\$e>?w$V?
API String ID: 0-840999048
Opcode ID: d29a0e46c0c09400e8d1d7f6b7357b9a6c20b873dfcd25f874b635431eecc9a1
Instruction ID: 6d523916050304a930f851c55c5a36a4fa06859f767649d89a2630bacde091ee
Opcode Fuzzy Hash: d29a0e46c0c09400e8d1d7f6b7357b9a6c20b873dfcd25f874b635431eecc9a1
Instruction Fuzzy Hash: A8B204F360C200AFE3046E29EC8577AFBE5EF94720F1A492DEAC4C7744EA3559058697

Function 00BAFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 00BAFEC3, 00BAFECB
NA_I, xrefs: 00BB036D
uvw, xrefs: 00BAFE95
:, xrefs: 00BB0087

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 1eb1d575274c3ef14ed3afef6e367e6dc608e2356da5b97e01e6caeba9b42d2a
Instruction ID: f6b80c3aead44d6cc3c8d7b8e04c89d98109faa5585b16d99835d02e9212d01d
Opcode Fuzzy Hash: 1eb1d575274c3ef14ed3afef6e367e6dc608e2356da5b97e01e6caeba9b42d2a
Instruction Fuzzy Hash: E332A9B0519381DFD310EF28D890A6BBBE1EB8A300F144DACF5D58B2A2E775D905CB52

Function 00D5F8C8 Relevance: 5.4, Strings: 3, Instructions: 1685COMMON

Download Yara Rule

Strings

7wv?, xrefs: 00D6044D
W'Yi, xrefs: 00D6094B
W}WC, xrefs: 00D6074B

Memory Dump Source

Source File: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 7wv?$W'Yi$W}WC
API String ID: 0-3068132968
Opcode ID: 5ffdde343dce57b693b66650865dcd45ed0aa2de2818dde0595b54870f8d7012
Instruction ID: 1e1a6e319e56299e05485741ee03bff12f6b3cd0b7a8c523013354342af6721c
Opcode Fuzzy Hash: 5ffdde343dce57b693b66650865dcd45ed0aa2de2818dde0595b54870f8d7012
Instruction Fuzzy Hash: 8CB248F360C214AFE3046E2DEC85A7ABBE9EFD4360F1A453DE6C4C7744EA3558018692

Function 00B93BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B93EC4
;z, xrefs: 00B93C87
ss, xrefs: 00B93C79
p, xrefs: 00B93C80

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: b709478a83842ae8978f2236eee905873187e50d39726f2bbe6d7e5f0052c9b3
Instruction ID: eb5dec17e12b272bf2fb7a3acee77061875697288aa56dc9efcd08267080360e
Opcode Fuzzy Hash: b709478a83842ae8978f2236eee905873187e50d39726f2bbe6d7e5f0052c9b3
Instruction Fuzzy Hash: A5026DB4810B00DFD760EF24D986B56BFF5FB05700F50499DE89A8B695E330E815CBA2

Function 00BA2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

a|, xrefs: 00BA2317
lc, xrefs: 00BA2507
hu, xrefs: 00BA232F
sj, xrefs: 00BA2327

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 73ad51b4d1d22ff2b7603a83c76593256da1a28fe111d53d8be47e12869b5748
Instruction ID: 11d3a77886d8b3596cbcd21738c15c1d82616b3bf6b7346428dde2658280a759
Opcode Fuzzy Hash: 73ad51b4d1d22ff2b7603a83c76593256da1a28fe111d53d8be47e12869b5748
Instruction Fuzzy Hash: E4A18BB48083418BC720DF18C891A2BB7F0FFA6754F548A4CE8D59B391E739D945CB96

Function 00BAD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

T>, xrefs: 00BAD984
KV, xrefs: 00BAD97D
CV, xrefs: 00BAD98B
#', xrefs: 00BAD9EA

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 244f730c58e00da7c135e30345cca5452ed2ba72b25aa2744f40538f82c3fa86
Instruction ID: 41ea141b7714aa03c6ba6d17dc3a4251a5539430df4b43a907f7070732bcbacd
Opcode Fuzzy Hash: 244f730c58e00da7c135e30345cca5452ed2ba72b25aa2744f40538f82c3fa86
Instruction Fuzzy Hash: 528155B48057459BDB20DFA5D2851AFBFB1FF12300F604A4CE4866BA55C334AA55CFE2

Function 00BAAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

lk, xrefs: 00BAACBC
,{*y, xrefs: 00BAAD07, 00BAAD13
4c2a, xrefs: 00BAACA9
(g6e, xrefs: 00BAACA1

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: a0e60996bbcc1fcf47a6d7cc39852f6a9fdeedfd059654f6431c1a99767896c7
Instruction ID: 8e25578e0b18e544dce885ba96aaccffb9b37f0d7b71140436305d51155d2538
Opcode Fuzzy Hash: a0e60996bbcc1fcf47a6d7cc39852f6a9fdeedfd059654f6431c1a99767896c7
Instruction Fuzzy Hash: EC4196B4409382DBD7209F24D800BABB7F0FF86305F5499ADE5C897220EB31D944CBA6

Function 00BAC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 00BAC537
%*+(, xrefs: 00BAC9E4, 00BAC9ED
%*+(, xrefs: 00BAC8C3, 00BAC8CB

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 10fb47cc06296b9749f55723136fd8df9daeef6b840699fd6a517a5d3f698ef1
Instruction ID: a833dcc48586d55563f67b109173d7f9f735feb87d19064febbb1ad329a7b72d
Opcode Fuzzy Hash: 10fb47cc06296b9749f55723136fd8df9daeef6b840699fd6a517a5d3f698ef1
Instruction Fuzzy Hash: 3CE197B551D344EFE3209F68D881B2BBBE5FB86340F548C6DE58987251EB35D810CB92

Function 00B88590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

IEND, xrefs: 00B889F0
), xrefs: 00B8860C
), xrefs: 00B88616

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: e997916c3880be2b892e2f0369eb1497541900ce126dbb92f9278ea5b33f716f
Instruction ID: 99ab88ade9ffc8392ab2f757199c7568249d4fadf23cb42ab127420485a25c0d
Opcode Fuzzy Hash: e997916c3880be2b892e2f0369eb1497541900ce126dbb92f9278ea5b33f716f
Instruction Fuzzy Hash: 05E1F3B1A083029FD310EF28D88172ABBE0FF94314F54496DE595973A1DB75E914CBD2

Function 00BC4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00BC420C
%*+(, xrefs: 00BC40A4, 00BC40AD

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 6d7d4d802045209b75b6ed5eae166c4ff9d4fdd9137fafb6bd16dbea2012bc6b
Instruction ID: a909dbf7b1a7b4550a5cd6f4ff4438703bb234e424e8a8b356ed2e85730f0779
Opcode Fuzzy Hash: 6d7d4d802045209b75b6ed5eae166c4ff9d4fdd9137fafb6bd16dbea2012bc6b
Instruction Fuzzy Hash: 64128B716083419FC714CF18C8A0F2ABBE1FBC9314F188AADF4D59B291D735EA458B92

Function 00BBF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 00BBF7F5
hi, xrefs: 00BBF6E6

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 4171f84a6bf905c27d36846fe8054de668220bcde35cf7686c2c2af2acd8364c
Instruction ID: cfea36f908edf25fbaf23da2cc430c4691e090f77ba4871f36742f9b1b594e70
Opcode Fuzzy Hash: 4171f84a6bf905c27d36846fe8054de668220bcde35cf7686c2c2af2acd8364c
Instruction Fuzzy Hash: 9EF1A371618342EFE704CF24D8A1B6ABBE6FB96344F149D6DF0858B2A1DB74D844CB12

Function 00B835B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

Inf, xrefs: 00B83607
NaN, xrefs: 00B8360E

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: d4001ff940fee1fb7743fe71f51dfb51ea79ed1c909ece2a038ee4017b534655
Instruction ID: b325e6eda0656f6ad04b8d2be5418305ddedc115b7240836008e7cd0f1db4e35
Opcode Fuzzy Hash: d4001ff940fee1fb7743fe71f51dfb51ea79ed1c909ece2a038ee4017b534655
Instruction Fuzzy Hash: F1D1D571A183119BC708DF28C88061EBBE5EBC8F50F158A7DF999973A0E675DD05CB82

Function 00B9FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00BA0197
Ye[g, xrefs: 00BA00F6

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 36815dd44bfbedd0ea3cc02bc085e34883f4d96402c5f5e5322882b6c28fe843
Instruction ID: 994cfa59e9848cb831fe9a7700e9c4535d61c0990f34cdd4ecbc9da32cbc63a2
Opcode Fuzzy Hash: 36815dd44bfbedd0ea3cc02bc085e34883f4d96402c5f5e5322882b6c28fe843
Instruction Fuzzy Hash: AF51CAB16183858BC731EF14C881BABB7E0FF97320F08499DE49A9B651E3749940CB57

Function 00B85160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00B854C8

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: de96c411af98c575dc9eb1556b5ca94a91cf91940e1eacca95b8f6f9e729c4d6
Instruction ID: 4bd6c3008205903e21453c948bd39ec6d71ab2d44e55373c20429f3eb247168a
Opcode Fuzzy Hash: de96c411af98c575dc9eb1556b5ca94a91cf91940e1eacca95b8f6f9e729c4d6
Instruction Fuzzy Hash: 9222B3B6A08B428BE735AE18D980726BBE2EFE0314F1DC5ADD8594B361E771DC44C742

Function 00BB12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00BB15D1

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: abd65b5439d41c6fb08d7dfbb96fd9afbb79e11d2f861a6549000aa6cee4f813
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 66F10571A083415FC724CE29C8A06BBBBE5EFC5350F588DADE89A87382D674DD05C792

Function 00BAAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BAB2D3, 00BAB2DB

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: fb1f9f1f6c5ed594b491be007f4b08c1ca03710b48b7de68e04070b456d28bec
Instruction ID: cca01253fe5965f4ba78f15f344ee1113c110b07c552bc2b02b537d939ce942f
Opcode Fuzzy Hash: fb1f9f1f6c5ed594b491be007f4b08c1ca03710b48b7de68e04070b456d28bec
Instruction Fuzzy Hash: 72E1E93150C306DBC724EF28C89096EF7E2FF9A781F24895CE4D587221E731A959CB92

Function 00B96EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B96EF3

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 9bb7874a9243c220a6bfd84b9ac09e3a514d4188ec19b782205c6e6b9315c8e4
Instruction ID: 5cd87214f2d201c6ae738d1120c41a252b49f04b200b0302af85bb29e3faec2e
Opcode Fuzzy Hash: 9bb7874a9243c220a6bfd84b9ac09e3a514d4188ec19b782205c6e6b9315c8e4
Instruction Fuzzy Hash: AFF18FB5A00A02CFCB24DF24D891A26B7F6FF58314B1489BDE497876A1EB34F815CB51

Function 00BA7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BA8263, 00BA826B

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f09350dc8450ccd367fd9cc8fc13f78d2d7da9ecec858f43f68fee8bf41aef25
Instruction ID: f65054506db2d2b7ebd2a12334780a95c02699bca762cbd7c674e681f7b06bb0
Opcode Fuzzy Hash: f09350dc8450ccd367fd9cc8fc13f78d2d7da9ecec858f43f68fee8bf41aef25
Instruction Fuzzy Hash: 24C19E7190C300ABD720AF14D882A2BB7F5EF96754F08889CF8C59B651E735ED15CBA2

Function 00BA8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BA9233, 00BA923B

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 256c4abe8ba9f652bfd3b55b5e238c8d8a00b1a5a7eb4e0c7f4bc3af195dde75
Instruction ID: c8c75ea4985543ea6779d1c9b1496434c3f9faf055f0ce097063a5cfccea8b9b
Opcode Fuzzy Hash: 256c4abe8ba9f652bfd3b55b5e238c8d8a00b1a5a7eb4e0c7f4bc3af195dde75
Instruction Fuzzy Hash: BCD1AE70619302DFD704DF64D8A0B2AB7E6FF89304F5948BEE88687251EB35E950CB51

Function 00BC7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00BC8167

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 21a1f4f8537bdabc4fdbb0f71f9cc3397431ef7d9fcf416cb02ee3e9499a5829
Instruction ID: 0c78526b69bd99081893e9203377ec4025060843f039b79b5c854789fe494eb2
Opcode Fuzzy Hash: 21a1f4f8537bdabc4fdbb0f71f9cc3397431ef7d9fcf416cb02ee3e9499a5829
Instruction Fuzzy Hash: 9FD1C4729082658FC725CE189890B2EB7E1EB85718F19867CE8B5AF380DB71DC46C7D1

Function 00BACCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BACDC3, 00BACDCB

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 9533ddb9857bbea6cf544a7d6e43c7b3e3763dfcda06c64b291c2f8e93b4e632
Instruction ID: 6d4f6eaf5ebea5025651312c184faff9df5077f5379708eaeefdec8fda5beedd
Opcode Fuzzy Hash: 9533ddb9857bbea6cf544a7d6e43c7b3e3763dfcda06c64b291c2f8e93b4e632
Instruction Fuzzy Hash: 22B1DD7060D3059FD724EF18D890B2BBBE2EF96340F1449ACE5C58B251E735E855CBA2

Function 00B8A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00B8A9C3

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: b21c1a359137508d27b66744e5d0224b4c81e4a26a4e40b6f6542c9e3ff61705
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 5AB1387020C3819FD324DF18C88061BBBE1AFA9704F448A6DF5D997352D675EA18CB67

Function 00BBFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BBFCA4, 00BBFCAD

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 570f05e6c19734295336296b90796827b640855140350bd29c2e53c57a0b5e03
Instruction ID: f6c38a885e908f392fd1929939fe7308e347151041d722635fe49d746ec6e796
Opcode Fuzzy Hash: 570f05e6c19734295336296b90796827b640855140350bd29c2e53c57a0b5e03
Instruction Fuzzy Hash: A081AA7060A302ABD720DF68DC84B7AB7E5FB99701F14886DF58497291EB71E814CB62

Function 00B9D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B9D663, 00B9D66B

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5bbe6ad83505f87ecece600dd70179812b78fbac717933bd5f3cf68d853b9eb5
Instruction ID: 98ac35cdd2057ba77081bcb702babe27fb4b59218317ce3b7c21dc6cf012718f
Opcode Fuzzy Hash: 5bbe6ad83505f87ecece600dd70179812b78fbac717933bd5f3cf68d853b9eb5
Instruction Fuzzy Hash: FB61F3B1909304DBDB10EF59DC92A2AB3F0FFA5354F0909ADF9899B261E731D910C792

Function 00CACAC5 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

ZF;K, xrefs: 00CACD49

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: ZF;K
API String ID: 0-744470152
Opcode ID: eb11fffa68c3ab7f1de25431197b3a1e4e566cc7c74618d6e17be77648386ca2
Instruction ID: 4136723e0ed080c417afaeb4dbd79d7e4b8333018159902439df4cec7afb3e59
Opcode Fuzzy Hash: eb11fffa68c3ab7f1de25431197b3a1e4e566cc7c74618d6e17be77648386ca2
Instruction Fuzzy Hash: FC71F4F3A1C2089BE314AE29DC8177AF7D9EF94714F16893DD6C983780EA3599008697

Function 00BC4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BC4C33, 00BC4C3B

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 2db3a0986b9176ab9acd58f633e07a625c03bbbc6644942151456d6b1de6ff6f
Instruction ID: a02a328012cb8ea3d127666cacd8254777dc05e9488f1612ee0c77c21b9c3f20
Opcode Fuzzy Hash: 2db3a0986b9176ab9acd58f633e07a625c03bbbc6644942151456d6b1de6ff6f
Instruction Fuzzy Hash: F561DE716093019BD720DF25D8A0F2AFBE6EBC4314F28899DE9C5872A1D771EE40CB52

Function 00C29D52 Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

{{, xrefs: 00C29EF9

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: {{
API String ID: 0-961997261
Opcode ID: c618b18aa616623b9de2cca3e7d5b0b24dc1080022309856b3fb16e6a8d8f71d
Instruction ID: ea297ed34cfc81f1e018c93d0048a4351a34ad8ab25df2783fb16d4d27a5f1f9
Opcode Fuzzy Hash: c618b18aa616623b9de2cca3e7d5b0b24dc1080022309856b3fb16e6a8d8f71d
Instruction Fuzzy Hash: 555116F3E096049FE7046A3CDC8577AB7D9EB98310F2B463C9A89D3B84E53999054682

Function 00BF9B5B Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

Foh, xrefs: 00BF9C53

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: Foh
API String ID: 0-2615300104
Opcode ID: 607b0db4dde869b4ad403bd7c4818e6bed8d00bce1665a8254b8da70144534fe
Instruction ID: b5694c92ae4a2cb591aaca6911276cad4aacf792bc8a2cd505f706237b1c9355
Opcode Fuzzy Hash: 607b0db4dde869b4ad403bd7c4818e6bed8d00bce1665a8254b8da70144534fe
Instruction Fuzzy Hash: 58514BF3E086149BF3046A29DD45776B6D7EBD5360F1A863CEA8887748E9399C018782

Function 00B8E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00B8E333

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: b5a886ddf588388ec76043829fb3e0a74074dd558c6392290347b7ee9e3157be
Instruction ID: fea58199eb22e17d2cc5670180fcf2ce0940fb40826c8a07228269479527f91e
Opcode Fuzzy Hash: b5a886ddf588388ec76043829fb3e0a74074dd558c6392290347b7ee9e3157be
Instruction Fuzzy Hash: 17512823B196A04BD325A93C4C952697AC70BE6334B3DC7A9E9F58B3F1D555CC01C350

Function 00BC3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BC39E3, 00BC39EB

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 0eb5e98f26e1167902f062ad2aad33f9db28574431d887acce969c92d5654074
Instruction ID: b26a6888eceaa797ddf8d72c5ca60807c53fbae33bdcc8a75b1ac07a7b6991df
Opcode Fuzzy Hash: 0eb5e98f26e1167902f062ad2aad33f9db28574431d887acce969c92d5654074
Instruction Fuzzy Hash: 5A517C306092409BCB24DF15D990F2EFBE5EB89B44F58C89DE4C687251D772EE20CB62

Function 00B91BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00B91C3E

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 5b00c1ba168aa5e007e91bfd03a9080836efce04be3cc37b73920718e18660e3
Instruction ID: c97b9fb745654048c9aa2de5a1a15c858f596cf2e28de40abf575a43bf7970f0
Opcode Fuzzy Hash: 5b00c1ba168aa5e007e91bfd03a9080836efce04be3cc37b73920718e18660e3
Instruction Fuzzy Hash: 504142B4008381ABCB149F28D894A2BBBF0FF86354F048E6DF5C59B291E736C915CB56

Function 00BBFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00BC0033, 00BC003B

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 038ec5de2e0f5fdf28f9c11a29776c0c9cdf6bc0cbaa1b4e1ff46f60593b6c7b
Instruction ID: 55e0b78d38e28d039b6018076cc6607ecafa68ab6fd3c4a5e856939e8de43953
Opcode Fuzzy Hash: 038ec5de2e0f5fdf28f9c11a29776c0c9cdf6bc0cbaa1b4e1ff46f60593b6c7b
Instruction Fuzzy Hash: C831D0B1A18309EBD610FB14EC81F3BB7E9EB85748F5548ACF88487252E631DC14C7A2

Function 00BAE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00BAE6A2

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 0e9e0142ceab1c1d62a09d175d05b6313edc1af932c84cfd104a2cf2b487d7fd
Instruction ID: 6bc7fc920d5303970526a68603bdf222b348bf1f391ef0a4d08cf82e28edfbba
Opcode Fuzzy Hash: 0e9e0142ceab1c1d62a09d175d05b6313edc1af932c84cfd104a2cf2b487d7fd
Instruction Fuzzy Hash: EA31C3B5905204DFC720DF98E8A05AFFBF5FB06304F5408A9E456AB201D735ED05CBA1

Function 00B96F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00B9703B

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 47803abbf2af3213edd7cbe0effeea75c19fba990bd6292a56f006d5412a73bc
Instruction ID: 25c805b5b19c2b639999226b62645046cc6299e30f7bf9e27f4cc0505a507a5a
Opcode Fuzzy Hash: 47803abbf2af3213edd7cbe0effeea75c19fba990bd6292a56f006d5412a73bc
Instruction Fuzzy Hash: 51415971215B04DBDB358F61D994F26BBF2FB09701F2488ACE5869B6A1EB31F8008B10

Function 00BAE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00BAE6A2

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 895053e0ae6a93b4ef9d46feb88bd054b128c56ad28bbd280427777e5fdd983d
Instruction ID: 6bcafc8c7b72f1c1f9280b56ae6c101d15234b20cac699581750bb52063b3b05
Opcode Fuzzy Hash: 895053e0ae6a93b4ef9d46feb88bd054b128c56ad28bbd280427777e5fdd983d
Instruction Fuzzy Hash: 5221BCB1A05204DFC720DF98E8A0A6FBBF5FB0A700F540899E446AB241D735ED01CBA2

Function 00BC9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00BC9D30

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 26de91772cde399e7c8165ad56803710e81e2a9ffd35b9ba3449f51500fcee60
Instruction ID: 952fa37d79ed1e75d7082c353ce277ae8d201ceea9cbae4a98c7ad4d49aebcdc
Opcode Fuzzy Hash: 26de91772cde399e7c8165ad56803710e81e2a9ffd35b9ba3449f51500fcee60
Instruction Fuzzy Hash: 913178705093449BE310DF14D884B2AFBF9EF9A314F24996CE5C6A7251D335D904CBA6

Function 00B94E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71f20e77e190bb0770290e68d94fb74cb361526676fad9938f96dc58a7781ae
Instruction ID: 27f82826908629d576f1de74421d305e0f8efa0e86f887953c84f74921408884
Opcode Fuzzy Hash: c71f20e77e190bb0770290e68d94fb74cb361526676fad9938f96dc58a7781ae
Instruction Fuzzy Hash: 9A6238B0500B009BDB36CF24D990B26BBE6AF59704F5489ACD49A87A52E734F844CBA5

Function 00B8BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 36b5d78bb98645010a65d7222cd5d5506a737594927857da20ccb57fc996de09
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 0C523B715087118BC725EF18E4802BAF7E1FFD4319F298A7DD9C6932A0E734A851CB96

Function 00BC8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65444942a2e67c41f9e4eb960f62f11e6d2550e526a3955daec0e92479ee1b57
Instruction ID: 5a14f49202315771a73334f82b0cfbb2a5f00f021e40ca392bd903393ec860e3
Opcode Fuzzy Hash: 65444942a2e67c41f9e4eb960f62f11e6d2550e526a3955daec0e92479ee1b57
Instruction Fuzzy Hash: 0722BC35609341DFD704DF68E8A0A2AFBE1FB89315F0988AEE5C997351EB35D850CB42

Function 00BC86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7e557d9a90f22ddf11d33bff43e8f65b630f6c0c29a5106d1e7491633aa8ada
Instruction ID: 5b59ec50107cfa1d0d18dfdd8e0946e8141aa04867b294957193a12603b991ad
Opcode Fuzzy Hash: c7e557d9a90f22ddf11d33bff43e8f65b630f6c0c29a5106d1e7491633aa8ada
Instruction Fuzzy Hash: D222AA35609341DFD704DF68E8A0A1AFBE1FB8A315F09896EE5C987351EB35E850CB42

Function 00B8B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c4645cc37f35ad1d10d5cc5935720ac9a118123019bf284361379415a522e61
Instruction ID: f55c7702f04031939c839c14b13ffbf410e7197ac82d6740b1c57ff959b275c5
Opcode Fuzzy Hash: 4c4645cc37f35ad1d10d5cc5935720ac9a118123019bf284361379415a522e61
Instruction Fuzzy Hash: 6352F970908B848FE735EB34C494BA7BBE2EF91314F144CADC5D606BA2C779A885CB51

Function 00B871F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e220a37763a04f8400d6cf15967d8c4e47134eb5b24eb799ddd8f3b7ec87a845
Instruction ID: fc027fa1c7b1d66135b58da1fb37a39fd008f5ca9406d82ef8efa14b68014468
Opcode Fuzzy Hash: e220a37763a04f8400d6cf15967d8c4e47134eb5b24eb799ddd8f3b7ec87a845
Instruction Fuzzy Hash: 7C52E23150C3458FCB15DF29C0D06AABBE1FF89318F298AADE89957361DB34D949CB81

Function 00B88FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702bcd38f2216555360462229854c211e521433141ac047221b4eb3dae2c8328
Instruction ID: f9581a5dd283edafb15e5c008aa5cec4dfa4253e16a677d6740082a86880f1e5
Opcode Fuzzy Hash: 702bcd38f2216555360462229854c211e521433141ac047221b4eb3dae2c8328
Instruction Fuzzy Hash: 61424575608342DFDB18CF28D850B6ABBE1BF88315F09886DE4958B3A1DB35D985CF42

Function 00B87BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9919c81f17b266fd5c7132f2f6fcff561e6d688cfc351ce58d47afbecc3681b3
Instruction ID: cc9f48961ff4afb2f62b8f8b4e978a36d4fcbb1d4ec953a4cc3c72b5b09d3ea3
Opcode Fuzzy Hash: 9919c81f17b266fd5c7132f2f6fcff561e6d688cfc351ce58d47afbecc3681b3
Instruction Fuzzy Hash: F1322270514B118FC368EF29C590526BBF2FF45714BA04AAED6A787BA0DB36F845CB10

Function 00BC89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c3b37acebdaf7d32be34b4d4ac2e7107a27e4053b8958748e64378605dbf6a2
Instruction ID: 97e8de7166eb2a758646913386af0bd678184778acd6935bf34ba467121d82aa
Opcode Fuzzy Hash: 8c3b37acebdaf7d32be34b4d4ac2e7107a27e4053b8958748e64378605dbf6a2
Instruction Fuzzy Hash: D802A935609241DFD704DF68E890A1AFBF1EF8A315F0989AEE4C987361D736D814CB92

Function 00BC8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a860899061d9227cb4384d91f38db3cf3380ccd952ae86f3591facc4a820126e
Instruction ID: 8383054f1c3dfec30e541b5a0c461a2217815f6337eafa758493342f13263fd0
Opcode Fuzzy Hash: a860899061d9227cb4384d91f38db3cf3380ccd952ae86f3591facc4a820126e
Instruction Fuzzy Hash: D4F1983560D380DFD704EF68E890A1AFBE1EF8A315F09896DE4C987251D736D910CB92

Function 00BC8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e84f3df91d4cdd1119097fd01cb327f813f07939e448da2152b678acfdef02
Instruction ID: c4b5f57eb00561f3dd8ee663e3243aab4012ebab982b78773b51523e9bcccd07
Opcode Fuzzy Hash: a8e84f3df91d4cdd1119097fd01cb327f813f07939e448da2152b678acfdef02
Instruction Fuzzy Hash: 3DE1BD31619341CFD704DF28E890A2AFBE1FB8A315F09896DE4D987351E736E910CB92

Function 00B8A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 7e8bea396033ed03e8af300adbcb616676679a14fbe976ec0644561581bb5415
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: F0F1BD766083418FD724DF29C88166BFBE6EFD8300F08886DE4D587761E639E945CB62

Function 00BC8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8b75bf8784d67421ec294ed4d937a14ce4eaafd9b06f36110b2f084a517de2
Instruction ID: dd4e7bf8da4c10eeeef6bfc59fffbebd879ae13cd4e283af26d84eed3492903d
Opcode Fuzzy Hash: de8b75bf8784d67421ec294ed4d937a14ce4eaafd9b06f36110b2f084a517de2
Instruction Fuzzy Hash: 37D19A3461D280DFD705EF28D894A2EFBF5EB8A315F0989ADE4C587251DB36D810CB92

Function 00B94487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1e3cca8203bc0e3eb349730785f02d8c05917f5a42164cf931df45133a1c02c
Instruction ID: 5f0fea5af10332fb5ce9a52315c20211d98714e09541718b7387640417938d6d
Opcode Fuzzy Hash: d1e3cca8203bc0e3eb349730785f02d8c05917f5a42164cf931df45133a1c02c
Instruction Fuzzy Hash: 14E1E2B5501B008FD725CF28D992B97B7E1FF06708F0488ADE4AA87762EB35B815CB54

Function 00BC6CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6df66f2fda53f7617dd0752d19bcb02bb128f6dbed5e16f0e31d7192adc74653
Instruction ID: 65891ea4c6624271fa7c2f390ba2a0a2f45ea63016d8e187b8f6edf1d0c41cd7
Opcode Fuzzy Hash: 6df66f2fda53f7617dd0752d19bcb02bb128f6dbed5e16f0e31d7192adc74653
Instruction Fuzzy Hash: 51D1E236619355CFC724CF38D890A2AFBE1EB89314F094A6ED495C73A2E734DA44CB91

Function 00BC7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad5a80b063f94449ecfc9676f7090b964cbefd65fd16e5650da0c28a85e2521
Instruction ID: 65e6906903e9831a11f892cf83bd3cf6ed2521ab1531dec1a8ad20870b6e1978
Opcode Fuzzy Hash: aad5a80b063f94449ecfc9676f7090b964cbefd65fd16e5650da0c28a85e2521
Instruction Fuzzy Hash: A4B127B2A4C3514BD714DA28CC81B6BB7E9EBC4314F0449BDE999D7391EE35DC048B92

Function 00B8AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: b66e53763ba67b713282bf4072f78b689c6c0df5789a1dec0854e75ba1537ac8
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: D5C18DB2A187418FC360DF28DC96BABB7E1FF85318F08492DD1D9C6252E778A155CB06

Function 00B96536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80f7ece38609c4f05c8b63d5e91da0ea29cc3468e92abad53a7f4f684cb2a4f
Instruction ID: 5e3db0716a3c6c624e123e7d20afb30fc5c2b7a8a3a257858d87bbab5af89671
Opcode Fuzzy Hash: f80f7ece38609c4f05c8b63d5e91da0ea29cc3468e92abad53a7f4f684cb2a4f
Instruction Fuzzy Hash: D3B110B4600B008BC7258F24C981B67BBF1EF56704F1488ADE8AA8BB52E735F805CB54

Function 00BC7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 282c260164616dab28b6d6b19dfd283b3ff98e762086ebf48b0f843943401a43
Instruction ID: 5a59db8d3446cccdf67c520a5795e959feb11a91e54cf2a0443afa1763b8f79b
Opcode Fuzzy Hash: 282c260164616dab28b6d6b19dfd283b3ff98e762086ebf48b0f843943401a43
Instruction Fuzzy Hash: 83919B71649301ABEB20DB15D880FABBBE5EB85350F54889DF99497351EB30E940CFA2

Function 00BCA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53dacf53ad8c0bc2912468af4aaea1417c3cb7d89f383019db73df8208be63ad
Instruction ID: f6dbbdf6f2a562c1435c0c71185ed7a0f61d4cf96e3773a99a35bcea01a38d3e
Opcode Fuzzy Hash: 53dacf53ad8c0bc2912468af4aaea1417c3cb7d89f383019db73df8208be63ad
Instruction Fuzzy Hash: 47819C342093498FD724DF28D890F2AB7E5EF89748F5589ACE586CB251E731EC10CB92

Function 00BB64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e931ed12eb8153642bae755c9f74fae70245ba32e68d4f586efba6abe6e74b
Instruction ID: 2742956daf1f1c8b385e8bc466cc15d56598ac5e004f2169c167f670fc050b80
Opcode Fuzzy Hash: 31e931ed12eb8153642bae755c9f74fae70245ba32e68d4f586efba6abe6e74b
Instruction Fuzzy Hash: 7D71B633B299904BC3249D7D4C853F5AB835BE6334B3D83B9E9B5CB3E5D9694C064250

Function 00BA28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df7ac5b54fd13cd89c7c45c54aae8d471cac0bc1c99c9c44e5699ffca9de9428
Instruction ID: 25a4a7f80dafbb2f3ddc2b001be55c8c2d7e4598f3c27bdcee9f3e8e3bbfe2f4
Opcode Fuzzy Hash: df7ac5b54fd13cd89c7c45c54aae8d471cac0bc1c99c9c44e5699ffca9de9428
Instruction Fuzzy Hash: C36166B441C3509BD310AF18E891A2BBBF0EFA6750F08899DF4C59B261E379D910CB66

Function 00BA7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9dd04a2e42de9dde61549aae75dbc8c856ddb49ebc1232b8e25fce45b2129d0
Instruction ID: 3bc5025d96ab8368e1c7bd17841895442e75b1c6bad57ffb8c79e8b01d828f53
Opcode Fuzzy Hash: f9dd04a2e42de9dde61549aae75dbc8c856ddb49ebc1232b8e25fce45b2129d0
Instruction Fuzzy Hash: 3F51BFB168C204ABDB209B24DC92B7737F4EF86364F1489A8F9858B291FB75DC05C761

Function 00C09C16 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d02c3177a450e90b5a003d41f3f5941be6d8ea2016180766676a28bf2e434140
Instruction ID: 6ebd41b20977dfe6e8b3092674d279ae59b84bfebe9971f22bda83ccc6a0d710
Opcode Fuzzy Hash: d02c3177a450e90b5a003d41f3f5941be6d8ea2016180766676a28bf2e434140
Instruction Fuzzy Hash: 586159B36183049FE304AE7DEC9477AB7E9EBD4720F1A4A3EE6C1C7384E53958418252

Function 00BB1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: ce2e8b78a7df797f297908cc3fba71ee13e65539f2cff02080e8f28f57e876f2
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 9F619D31609341ABD714CE2CC9A07BEBBE2EBC5350FA4CDADE4D98B251D2B0ED859741

Function 00BB82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9569c2b4297cdd4cab92dcf2e6fdc7ba42b27569bed6daf5819b3d46aaccd09
Instruction ID: 66c07d177d06d636e8c0cbf479a8c3a3b0c98c881b7a3d41734032b962760e75
Opcode Fuzzy Hash: b9569c2b4297cdd4cab92dcf2e6fdc7ba42b27569bed6daf5819b3d46aaccd09
Instruction Fuzzy Hash: 4E612923A5A9914BC325493C5C953F66AC75BE6330F3EC3E6E8B58B3E4CDA94801C341

Function 00B942FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93ccbd16066e8893e08fe75601d2d228362e9f496e5517b2bf94d4665f69aa89
Instruction ID: 28f0e91199ad5b3533e6db29062970b6dc94d8976a3cf53836829160b5340121
Opcode Fuzzy Hash: 93ccbd16066e8893e08fe75601d2d228362e9f496e5517b2bf94d4665f69aa89
Instruction Fuzzy Hash: 7B81E6B4810B00AFD360EF39D947797BEF4AB06601F404A6DE4EA97694E7306459CBE3

Function 00BBE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 52bd7fdc8d2814185379200923afb6cb91292a0e3d1a61e67cc5fa671688ba92
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: AC517CB15083448FE314DF29D4943ABBBE1BB85318F044E2DE4E983351E379D6088F82

Function 00D11FC5 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1e4d6905ea6da87736cdeac3ae58284a5d4d0ae764c21e51c46ed3d921d4332
Instruction ID: 733238e66dbcd3be4ed7156948721c402ace9e4f666ff462bfa664635e415932
Opcode Fuzzy Hash: f1e4d6905ea6da87736cdeac3ae58284a5d4d0ae764c21e51c46ed3d921d4332
Instruction Fuzzy Hash: 015118F3A186045BE3046E69EC85766B3D6DFD4320F2A453EEB95DB7C0ED7948028682

Function 00BC7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94791c46d10dc27d0d87a1a2e9114089d07cc7e45cc3d70128c153f6b4cafbc4
Instruction ID: f2cc49979824db14c104ba243731812ef17ea0c75ad40e6790fb49b3a4cf7df9
Opcode Fuzzy Hash: 94791c46d10dc27d0d87a1a2e9114089d07cc7e45cc3d70128c153f6b4cafbc4
Instruction Fuzzy Hash: EA51153164D204ABC7159E18DC90F2EF7E6FB85354F288A6CE8E597391DB31EC108BA1

Function 00B85A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a287d337da62136a7cd639f74211e7eb8ae3816b40671c96331780b968798ff3
Instruction ID: 3c9ffd1822c8d0fb4329d4e436cf0df3573d4a3b2cb75da5e7d73eaf2542387a
Opcode Fuzzy Hash: a287d337da62136a7cd639f74211e7eb8ae3816b40671c96331780b968798ff3
Instruction Fuzzy Hash: 1651C1B5A047049FC724EF14D890926BBE1FF89324F1546ACE8999B362D631EC42CB92

Function 00E06F86 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3712542ca3b8df295088de508f01cc7ef0fb7c08ca03fb19db36f3623b92bd7f
Instruction ID: 717a0e434874fbabd461c2da374c31d8931fb6ff7f1cea01b30dcd392c04f361
Opcode Fuzzy Hash: 3712542ca3b8df295088de508f01cc7ef0fb7c08ca03fb19db36f3623b92bd7f
Instruction Fuzzy Hash: D55136B290C200DFD304AE68E98567AFBE1FB14310F255A2DD6C6D7380E6755891DB93

Function 00D2E60D Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a083572d2572613855f647f3ec43e404f25392e83e55f7c3f61850dcabe300e0
Instruction ID: 5e96d6b3f2e5432430deac29c27fc159950434abc59dad935ee12d6fd0234900
Opcode Fuzzy Hash: a083572d2572613855f647f3ec43e404f25392e83e55f7c3f61850dcabe300e0
Instruction Fuzzy Hash: 5A4129F3E091145BE3009D2DDC45766B7E6DBD4321F2A863DDE98D73C8ED3A58048295

Function 00BAEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87dc123494c6b2443b8ec06403b495005ac2a7adb218b01da9303407487f8d5f
Instruction ID: a33a799f3a507b84e9ae3fadf9faf23fca1824611a99f5cca69102f6e7c4ae6f
Opcode Fuzzy Hash: 87dc123494c6b2443b8ec06403b495005ac2a7adb218b01da9303407487f8d5f
Instruction Fuzzy Hash: D5419E74900315DBDF208F98DCA1BADB7F0FF0A350F144599E995AB3A0EB38A951CB91

Function 00BC9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d3c85c25631224effb83dd3d883c5950ae3f4e98c428a1eb494c3d4379cec16
Instruction ID: fa4957e9f369ca814ad68592762a772ed82a8bdd3cc7ceed8537b2d35cc54c19
Opcode Fuzzy Hash: 2d3c85c25631224effb83dd3d883c5950ae3f4e98c428a1eb494c3d4379cec16
Instruction Fuzzy Hash: 7B418D34209300ABE724DF15D994F2BFBEAEB85714F6488ACF58997251D335EC00CBA6

Function 00B92030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efde41dec115ef454ecfe47996d0c2d5501b488eaf2592ecfa1c90d55af3712d
Instruction ID: 3f32b3af08a6f56f276645837d2142959a1d8facdc58d472c02e950f6ff81d20
Opcode Fuzzy Hash: efde41dec115ef454ecfe47996d0c2d5501b488eaf2592ecfa1c90d55af3712d
Instruction Fuzzy Hash: C641F632A083655FD75CCF2AC49463ABBE2ABC5300F09867EE4DA873D4DA748945DB81

Function 00B91E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc82f0facc365fc8d9be63c8c76eb6fe4298a03dcbd80798313cdcbdf37e0a08
Instruction ID: 327c511ab52b28e3937b53c85f126f750a06218b38eb94ac38c393c0a65b7103
Opcode Fuzzy Hash: fc82f0facc365fc8d9be63c8c76eb6fe4298a03dcbd80798313cdcbdf37e0a08
Instruction Fuzzy Hash: 1A41F174508380ABD720AB58C884B2EFBF5FB8A354F144D6DF6C497292C376E8149F66

Function 00BC8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55845a5a9633ab831a111502547175ea449480b0530746b05c937074a9cc432
Instruction ID: 51a3127b5498dbb9a6431f971e3c3e5fc58cecbe4bd0767e36beacc2d29872dc
Opcode Fuzzy Hash: a55845a5a9633ab831a111502547175ea449480b0530746b05c937074a9cc432
Instruction Fuzzy Hash: C041CF3160C2548FC304DF68C490A2EFBE6EF99300F098AAED4D6D72A1DB74DD018B92

Function 00B9D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0ef1302741e79bd7c738c9747ab2f83ff9b37e6ff2031cb064983d4eca1c2ad
Instruction ID: a0d9b1b148af1f1a6caaa55b19b2a9cf7afc7ce0b3dc70bb57b7548ae83e3a8b
Opcode Fuzzy Hash: d0ef1302741e79bd7c738c9747ab2f83ff9b37e6ff2031cb064983d4eca1c2ad
Instruction Fuzzy Hash: AB418BB15093818BD730AF15C891BABB7F0FFA6364F0409A9E58A8B7A1E7744940CB57

Function 00CB9DD0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 415e87f8d1b4ac0222c92241d6ff3e8b3278fa10396c36b091e3e863847e4502
Instruction ID: cfc7a8926603482eca15841e08ee907ca1dd7f32e9649e41553e5412908105dd
Opcode Fuzzy Hash: 415e87f8d1b4ac0222c92241d6ff3e8b3278fa10396c36b091e3e863847e4502
Instruction Fuzzy Hash: 6C3165F3918300ABF35CAA69EC4677AB7D5EB94710F16453DE7C9833C0E9796800869A

Function 00BBF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: cb1a9a9993c4e764c3f590a5f67e063f5afbe03098174bb339229a9af3d6ecc5
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 8B2137329082254BC324EF2DC88167BF7E4EB99704F46867ED8C4A72A5E3759C10C7E1

Function 00BC67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3dac1963fe65c6c0ee95e75aac1501869a377d27ac74bfb965dac05233582e
Instruction ID: 75df19740bddfb4703415cc96a92ad8bb50bb63aa57ded3b5bd3a6d5e004e654
Opcode Fuzzy Hash: 6b3dac1963fe65c6c0ee95e75aac1501869a377d27ac74bfb965dac05233582e
Instruction Fuzzy Hash: 8F3134705183829AD714CF14C4A0A2FFBF0EF96784F50584DF4C8AB262D738D985CB9A

Function 00BA5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e136509d6349c2194b290cdd8e05833b7a530a75ae207bafc90275cb181878b6
Instruction ID: 27704b394947b5858651570759a125f31bc22939421987bd90e6cffdc935931b
Opcode Fuzzy Hash: e136509d6349c2194b290cdd8e05833b7a530a75ae207bafc90275cb181878b6
Instruction Fuzzy Hash: A221AEB0509201DFD320AF28C85196BBBF4EF92764F44895CF4D99B292E335CA00CBA3

Function 00B849A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 89e9d35a6c7508da71062becc5682ed5ec450f23fc45b8b95381beea8b957457
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 3931EA31648202DFD714AF58D8C0A2BB7E1EF84358F1889BDE89A8B261D331DC42CB46

Function 00BC64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 514ce0e0a1f85099b31181e1e03cb9018cc5a2ce509e27fbf70f61a7bbb63101
Instruction ID: 0897d91454a11d06a50a2ffdffffb5c65b302d988265d73f138283e05f7660f7
Opcode Fuzzy Hash: 514ce0e0a1f85099b31181e1e03cb9018cc5a2ce509e27fbf70f61a7bbb63101
Instruction Fuzzy Hash: 6021737460C2409BC718EF19D8A0E2EFBE2FB95742F28885CE4C593362D734AC51CB66

Function 00BBB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 5255f7dd16aedf3632c8a8bed6eeb46b3f13346be61f04a1608d70d07248df62
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: C711C633A051D40FC3168D3C84409B5FFE35AA3234B5943D9E4B59B2D2D7A28D8A9354

Function 00BB0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 574d194757ab4afd37247eb29d2496121efa5499a55d525bc83db3f7026ac847
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 590175F5A1030147EB30BE54A4D1B7BB6E8EF54718F1845ACD40A57201DBB5EC05C7A1

Function 00BAD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61f621f87ab97f2b9971cf907d530fab942942cdb6d1ae186cc9e51abc24f687
Instruction ID: 78e2ad119e5f8357c4346213468702e3d4850331269b3bc6c08fe11c27718359
Opcode Fuzzy Hash: 61f621f87ab97f2b9971cf907d530fab942942cdb6d1ae186cc9e51abc24f687
Instruction Fuzzy Hash: BE11ECB0418380AFD310AF61C494A2FFBE5EBA6714F148C4DF6A59B251C379E819CF56

Function 00B86EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47cc28cc47327dacab4b37c9879e1db698f607514b450dd9b5cc5da082251b1
Instruction ID: 4cdbd428989a573e74f579856401ba2ba648e809c5f35292eb91f53c2af3092b
Opcode Fuzzy Hash: c47cc28cc47327dacab4b37c9879e1db698f607514b450dd9b5cc5da082251b1
Instruction Fuzzy Hash: 11F0B43AB1921A0BA210DDABE884C3BB3D6D7D9355F145538EA41D3211DE72E8069291

Function 00BBB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00B9C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00B9B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 9d0df39c015c8a2471d0ef5e6f608e7e9e9a6c8ee0819212715ad862575daf8b
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: D3F0ECB1A0451067DF228A94ACC0F37BBDCCB87354F1904B6E84557303D2A15845C3E5

Function 00BB8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02c70e44462fbf6f7c845decd805f997a76f476fec84f7208465b70dab887b3f
Instruction ID: cdb1675524d0a9f7a35830d3fb64fde81db6834ffb8547d0d229ba37945c7e28
Opcode Fuzzy Hash: 02c70e44462fbf6f7c845decd805f997a76f476fec84f7208465b70dab887b3f
Instruction Fuzzy Hash: C401EFB4410B009FC360EF29C845B4BBBE8EB08714F008A1DE8AECB680D770A5488B82

Function 00BC1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 6c6c2b5a68ad1bf51021673b1e4b3a1df6e81cf1be31ae2834c1af7968a92e98
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: AAD05E31608321469B688E1DA400A77F7E0EA87B12B49999EF586E3249D230DC41C6A9

Function 00B91ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6defb1cb8a3d548aa44ac912d0fa08f5d215c73eb3b75a789841c26c1d866a32
Instruction ID: ba3ef7807559c1ce362e48ab30d6879c5d46b290da02911bfcf81da02d313012
Opcode Fuzzy Hash: 6defb1cb8a3d548aa44ac912d0fa08f5d215c73eb3b75a789841c26c1d866a32
Instruction Fuzzy Hash: F3C08C34A590028BC208CF04FCE5832B7F9A30B308750707ADA03F3321DF30C8069909

Function 00BC6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf485d1e3e1cced687cce04aaa493f4d744d556ae1bb449ffee100e43653ad3c
Instruction ID: d4e5e92f10a56bd63cf39ca61c3cbe1c885fc9349ccfc783414573c11a2ef4b3
Opcode Fuzzy Hash: bf485d1e3e1cced687cce04aaa493f4d744d556ae1bb449ffee100e43653ad3c
Instruction Fuzzy Hash: 23C09B3465D04587924CCF04D961975F3F69B97F1C724B05FC80623257D534D512951D

Function 00B91A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbed0e8e7dd76185ceef0b332170409d86ff9121d4cb9dc7d9cf120d6692c653
Instruction ID: 0195bff3915a69aaaa4f29a122d5cfe6dd42514bb31fe103709789496682ac68
Opcode Fuzzy Hash: dbed0e8e7dd76185ceef0b332170409d86ff9121d4cb9dc7d9cf120d6692c653
Instruction Fuzzy Hash: DDC09B34E99042CBC64CCF8AE8E1831A7FD530B208710347A9713F7361C960D4059509

Function 00BC5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2215087321.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.2215075710.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215117590.0000000000BE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215131517.0000000000BEA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215143128.0000000000BEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215154933.0000000000BEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215237627.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215249676.0000000000D47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215264660.0000000000D6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215288037.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215298508.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215310361.0000000000D81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215322103.0000000000D88000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215336486.0000000000D9C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215347162.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215357065.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215366843.0000000000D9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215377101.0000000000DA7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215387610.0000000000DAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215405590.0000000000DD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215416252.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215428047.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215441078.0000000000DDC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215451955.0000000000DDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215462562.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215475992.0000000000DEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215487657.0000000000DED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215500671.0000000000DF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215512956.0000000000DFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215523964.0000000000DFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215535320.0000000000DFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215547070.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215560842.0000000000E09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215580051.0000000000E28000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215592473.0000000000E4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215627181.0000000000E78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215643225.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E7A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215655096.0000000000E82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215680328.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2215691443.0000000000E91000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6211e41f60fdb955cba2cf05c75e1a84032c74b0825145bde6cf1a5b63a2e370
Instruction ID: 12c08953fb4ecaef8efb35f54699099f36afde8c372829fbc10e9579d7e35bf5
Opcode Fuzzy Hash: 6211e41f60fdb955cba2cf05c75e1a84032c74b0825145bde6cf1a5b63a2e370
Instruction Fuzzy Hash: AAC09224B6A0018BA28CCF18DD61935F3FA9B8BE1CB14B02FC806A3257E934D512860D

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00BC50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00B8FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00B8D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00BC5700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 00BC5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00BC695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00B9049B Relevance: .3, Instructions: 264
COMMON

Function 00BC3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00BC3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON