Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1540724
MD5:	8e36e9abc7b33f091517d38121597df9
SHA1:	32604dd99a48b06e2de986bfe0ce390b15d46438
SHA256:	4369e552bc7c2fb81801c23c40cf4c047a0d1aeabe8cce9504a2d2cecdb4c145
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7124 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8E36E9ABC7B33F091517D38121597DF9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "spirittunek.store", "mobbipenju.store", "studennotediw.store", "bathdoomgaz.store", "eaglepawnoy.store", "clearancek.site", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.912657+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.6	56415	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.837251+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.6	61962	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.888060+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.6	53022	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.875683+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.6	51784	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.935205+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.6	60275	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.852034+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.6	62035	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.924355+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.6	58916	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:07.900809+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.6	61782	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T02:50:09.549223+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49711	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.7124.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "spirittunek.store", "mobbipenju.store", "studennotediw.store", "bathdoomgaz.store", "eaglepawnoy.store", "clearancek.site", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: eaglepawnoy.store	Virustotal: Detection: 18%	Perma Link
Source: bathdoomgaz.store	Virustotal: Detection: 21%	Perma Link
Source: spirittunek.store	Virustotal: Detection: 21%	Perma Link
Source: studennotediw.store	Virustotal: Detection: 20%	Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CE50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CAD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CAD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00CE63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00CE99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00CE695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00CAFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00CE6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00CE4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00CA1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00CB6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00CDF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00CCD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00CB42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00CC2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00CC2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00CAA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00CE64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00CE1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00CBD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00CCC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CCE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00CBB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00CA8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00CC9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00CE7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00CB6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00CDB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CCE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00CE67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CCD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CE5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00CE7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00CC28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00CA49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00CBD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00CE3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CB1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00CE4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00CA5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CB1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00CB1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00CB3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00CD0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00CBDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00CBDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00CE9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00CCCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CCCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00CCCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CE9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00CE9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CCAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00CCAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00CCEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00CC7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00CDFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CE8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00CCFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00CCDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00CB0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00CB1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00CA6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00CB6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00CABEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00CCAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00CC7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CC5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00CB4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00CE7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CE7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00CBFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00CE5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00CA8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00CB6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00CC9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00CDFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:51784 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:60275 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:53022 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:62035 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:58916 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:61962 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:61782 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:56415 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49711 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: licendfilteo.site

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=9ee59f52704aba6f32d4fb56; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 24 Oct 2024 00:50:09 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/apiB
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2188101778.0000000000755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site/api
Source: file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apibcryptPrimitives.dll
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2188101778.0000000000755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.2188101778.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900#r
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB0228	0_2_00CB0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEA0D0	0_2_00CEA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE4040	0_2_00CE4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1A06E	0_2_00D1A06E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA1000	0_2_00CA1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004	0_2_00E70004
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB2030	0_2_00CB2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E3E1CD	0_2_00E3E1CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA71F0	0_2_00CA71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAE1A0	0_2_00CAE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA5160	0_2_00CA5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E75101	0_2_00E75101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD82D0	0_2_00CD82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD12D0	0_2_00CD12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3A2F2	0_2_00D3A2F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA12F7	0_2_00CA12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD23E0	0_2_00CD23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAB3A0	0_2_00CAB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAA300	0_2_00CAA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E6E4F1	0_2_00E6E4F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E134D4	0_2_00E134D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD64F0	0_2_00CD64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4487	0_2_00CB4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB049B	0_2_00CB049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCC470	0_2_00CCC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBC5F0	0_2_00CBC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA8590	0_2_00CA8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA35B0	0_2_00CA35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7856F	0_2_00E7856F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA1569	0_2_00CA1569
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE86F0	0_2_00CE86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE8652	0_2_00CE8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDF620	0_2_00CDF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E017EB	0_2_00E017EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB8C0	0_2_00CDB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE8A0	0_2_00CDE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAA850	0_2_00CAA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD1860	0_2_00CD1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E17836	0_2_00E17836
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E33819	0_2_00E33819
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E5F9CC	0_2_00E5F9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC098B	0_2_00CC098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE89A0	0_2_00CE89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E71AD3	0_2_00E71AD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE8A80	0_2_00CE8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDBA91	0_2_00EDBA91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE7AB0	0_2_00CE7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E73A66	0_2_00E73A66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE4A40	0_2_00CE4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08A40	0_2_00E08A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBEA72	0_2_00DBEA72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA7BF0	0_2_00CA7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBCB92	0_2_00DBCB92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBDB6F	0_2_00CBDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCCCD0	0_2_00CCCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE6CBF	0_2_00CE6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE8C02	0_2_00CE8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC8D62	0_2_00CC8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCFD10	0_2_00CCFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E76D05	0_2_00E76D05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCDD29	0_2_00CCDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB6EBF	0_2_00CB6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CABEB0	0_2_00CABEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCAE57	0_2_00CCAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE8E70	0_2_00CE8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4E2A	0_2_00CB4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE7FC0	0_2_00CE7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA8FD0	0_2_00CA8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D43FFB	0_2_00D43FFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E6AF5D	0_2_00E6AF5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAAF10	0_2_00CAAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00CACAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00CBD300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995423370462047

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CD8220 CoCreateInstance,

0_2_00CD8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2930688 > 1048576

Source: file.exe

Static PE information: Raw size of odwuzsrd is bigger than: 0x100000 < 0x2a2200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ca0000.0.unpack :EW;.rsrc :W;.idata :W;odwuzsrd:EW;hflvoogh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;odwuzsrd:EW;hflvoogh:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2d92b8 should be: 0x2cbeaa

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: odwuzsrd
Source: file.exe	Static PE information: section name: hflvoogh
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2C0C5 push ebp; mov dword ptr [esp], edi	0_2_00F2C0C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2C0C5 push 06394BC9h; mov dword ptr [esp], ebx	0_2_00F2C0EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2C0C5 push ecx; mov dword ptr [esp], ebp	0_2_00F2C105
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2C0C5 push 6544AC9Dh; mov dword ptr [esp], eax	0_2_00F2C19B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDD0BF push ecx; mov dword ptr [esp], 56A54B8Ch	0_2_00EDD24C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2808C push edi; mov dword ptr [esp], ebp	0_2_00F28108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0705E push edx; mov dword ptr [esp], 6BFAE7AFh	0_2_00D089EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9106D push 288925DBh; mov dword ptr [esp], ebx	0_2_00F910B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1A06E push esi; mov dword ptr [esp], ecx	0_2_00D1A08B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1A06E push eax; mov dword ptr [esp], esi	0_2_00D1A0D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1A06E push edx; mov dword ptr [esp], esi	0_2_00D1A11B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 33F04D9Ah; mov dword ptr [esp], edx	0_2_00E70018
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push ebx; mov dword ptr [esp], edi	0_2_00E7013E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push ebp; mov dword ptr [esp], esi	0_2_00E7016A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push esi; mov dword ptr [esp], ebx	0_2_00E70181
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 7FE0FB73h; mov dword ptr [esp], ebx	0_2_00E701E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push ebx; mov dword ptr [esp], edi	0_2_00E70231
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 77DC9FDCh; mov dword ptr [esp], edi	0_2_00E70279
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 7F1F4E28h; mov dword ptr [esp], ecx	0_2_00E70378
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push edi; mov dword ptr [esp], edx	0_2_00E70395
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 01ED48B5h; mov dword ptr [esp], edi	0_2_00E70407
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push edi; mov dword ptr [esp], 403AC700h	0_2_00E7040B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push esi; mov dword ptr [esp], 7FCF06F4h	0_2_00E70416
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push eax; mov dword ptr [esp], edx	0_2_00E70465
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 21C076F7h; mov dword ptr [esp], eax	0_2_00E704C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push eax; mov dword ptr [esp], edi	0_2_00E70517
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 00A15576h; mov dword ptr [esp], ecx	0_2_00E70558
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push edx; mov dword ptr [esp], 7AA6E21Ah	0_2_00E7066E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push 4D927AA1h; mov dword ptr [esp], ebx	0_2_00E7067D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push edx; mov dword ptr [esp], ecx	0_2_00E706C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E70004 push ecx; mov dword ptr [esp], ebp	0_2_00E70721

Source: file.exe

Static PE information: section name: entropy: 7.983005907575337

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04144 second address: D04148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D259 second address: E7D279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007FF078BEF023h 0x0000000e popad 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D279 second address: E7D27F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C41D second address: E7C434 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF021h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C434 second address: E7C452 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF0795ECC52h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jne 00007FF0795ECC46h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C5CB second address: E7C5CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C71E second address: E7C72D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 je 00007FF0795ECC46h 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7CB07 second address: E7CB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007FF078BEF029h 0x00000013 popad 0x00000014 popad 0x00000015 jc 00007FF078BEF03Ch 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F195 second address: E7F1FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d popad 0x0000000e push eax 0x0000000f jl 00007FF0795ECC4Eh 0x00000015 nop 0x00000016 mov dl, bh 0x00000018 push 00000000h 0x0000001a jp 00007FF0795ECC4Ch 0x00000020 mov dword ptr [ebp+122D21ECh], ebx 0x00000026 call 00007FF0795ECC49h 0x0000002b jns 00007FF0795ECC58h 0x00000031 jmp 00007FF0795ECC52h 0x00000036 push eax 0x00000037 pushad 0x00000038 pushad 0x00000039 push edx 0x0000003a pop edx 0x0000003b jnc 00007FF0795ECC46h 0x00000041 popad 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 pop eax 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F1FD second address: E7F21B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF01Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jns 00007FF078BEF024h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F21B second address: E7F2EB instructions: 0x00000000 rdtsc 0x00000002 je 00007FF0795ECC46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007FF0795ECC4Ah 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push esi 0x00000016 pushad 0x00000017 jmp 00007FF0795ECC57h 0x0000001c jc 00007FF0795ECC46h 0x00000022 popad 0x00000023 pop esi 0x00000024 pop eax 0x00000025 call 00007FF0795ECC56h 0x0000002a mov edx, dword ptr [ebp+122D3813h] 0x00000030 pop edx 0x00000031 push 00000003h 0x00000033 mov edx, eax 0x00000035 push 00000000h 0x00000037 jno 00007FF0795ECC4Ch 0x0000003d push 00000003h 0x0000003f stc 0x00000040 push 9FA9FEF3h 0x00000045 push esi 0x00000046 jmp 00007FF0795ECC59h 0x0000004b pop esi 0x0000004c xor dword ptr [esp], 5FA9FEF3h 0x00000053 cld 0x00000054 lea ebx, dword ptr [ebp+1244F00Eh] 0x0000005a push 00000000h 0x0000005c push eax 0x0000005d call 00007FF0795ECC48h 0x00000062 pop eax 0x00000063 mov dword ptr [esp+04h], eax 0x00000067 add dword ptr [esp+04h], 0000001Ah 0x0000006f inc eax 0x00000070 push eax 0x00000071 ret 0x00000072 pop eax 0x00000073 ret 0x00000074 or dword ptr [ebp+122D3515h], ebx 0x0000007a mov edx, dword ptr [ebp+122D364Bh] 0x00000080 xchg eax, ebx 0x00000081 pushad 0x00000082 push eax 0x00000083 push edx 0x00000084 push edi 0x00000085 pop edi 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F39F second address: E7F42D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FF078BEF018h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 push eax 0x00000024 jmp 00007FF078BEF025h 0x00000029 pop esi 0x0000002a and dx, 8833h 0x0000002f push 00000000h 0x00000031 movsx edi, dx 0x00000034 push A3C8FA09h 0x00000039 jno 00007FF078BEF01Eh 0x0000003f add dword ptr [esp], 5C370677h 0x00000046 mov cx, di 0x00000049 push 00000003h 0x0000004b mov cx, 9B00h 0x0000004f push 00000000h 0x00000051 mov dword ptr [ebp+122D1C0Ch], edi 0x00000057 mov ecx, edi 0x00000059 push 00000003h 0x0000005b sub dword ptr [ebp+122D1DDBh], esi 0x00000061 push DBB40806h 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F42D second address: E7F431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F431 second address: E7F437 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F4C6 second address: E7F4DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF0795ECC55h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F4DF second address: E7F514 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edx, 27575399h 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D1C7Dh], esi 0x00000018 call 00007FF078BEF019h 0x0000001d push edi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FF078BEF021h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F514 second address: E7F53C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push esi 0x00000009 jmp 00007FF0795ECC54h 0x0000000e pop esi 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F53C second address: E7F540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F540 second address: E7F546 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F546 second address: E7F596 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF078BEF026h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007FF078BEF021h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 pushad 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007FF078BEF021h 0x00000021 popad 0x00000022 pushad 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F596 second address: E7F5EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 jng 00007FF0795ECC4Ah 0x0000000d push 00000003h 0x0000000f push edi 0x00000010 mov ecx, ebx 0x00000012 pop esi 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+122D1C29h], esi 0x0000001b mov cx, EA0Bh 0x0000001f push 00000003h 0x00000021 or dword ptr [ebp+122D1CE7h], ebx 0x00000027 call 00007FF0795ECC49h 0x0000002c jmp 00007FF0795ECC55h 0x00000031 push eax 0x00000032 jbe 00007FF0795ECC50h 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F5EA second address: E7F622 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jnl 00007FF078BEF02Ah 0x00000010 mov eax, dword ptr [eax] 0x00000012 push esi 0x00000013 push edi 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pop edi 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F622 second address: E7F62C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FF0795ECC46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F62C second address: E7F651 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+122D36EBh] 0x0000000f lea ebx, dword ptr [ebp+1244F022h] 0x00000015 or dx, E3F2h 0x0000001a xchg eax, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d jno 00007FF078BEF018h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F651 second address: E7F656 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9EFDF second address: E9F006 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF078BEF01Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FF078BEF022h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F006 second address: E9F018 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF0795ECC48h 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FF0795ECC46h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F168 second address: E9F18A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF01Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c jnl 00007FF078BEF016h 0x00000012 jno 00007FF078BEF016h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F18A second address: E9F190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F190 second address: E9F194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F2B4 second address: E9F2CB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF0795ECC4Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F2CB second address: E9F2CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F2CF second address: E9F2D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F2D3 second address: E9F2D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F455 second address: E9F459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F5B8 second address: E9F5EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF078BEF029h 0x00000008 jmp 00007FF078BEF01Bh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 jno 00007FF078BEF016h 0x00000019 pop ebx 0x0000001a push esi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F5EF second address: E9F5F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F5F6 second address: E9F613 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF028h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F751 second address: E9F755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F755 second address: E9F770 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF01Dh 0x00000007 jo 00007FF078BEF016h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F770 second address: E9F780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC4Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F780 second address: E9F784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F784 second address: E9F78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F78A second address: E9F79A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF078BEF022h 0x00000008 jns 00007FF078BEF016h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F79A second address: E9F7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF0795ECC4Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA0206 second address: EA020A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA020A second address: EA021F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d jg 00007FF0795ECC46h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA021F second address: EA0245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FF078BEF026h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d jnp 00007FF078BEF016h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA0B9E second address: EA0BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3D0C second address: EA3D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jne 00007FF078BEF016h 0x00000012 jmp 00007FF078BEF025h 0x00000017 popad 0x00000018 jng 00007FF078BEF01Ch 0x0000001e jnp 00007FF078BEF016h 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FF078BEF01Ah 0x0000002b jmp 00007FF078BEF024h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3D60 second address: EA3D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAA16D second address: EAA175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAA175 second address: EAA18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF0795ECC46h 0x0000000a js 00007FF0795ECC46h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAA18A second address: EAA194 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF078BEF016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAD7C6 second address: EAD7CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EACD9A second address: EACDA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EACDA2 second address: EACDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EACF24 second address: EACF48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF025h 0x00000007 pushad 0x00000008 jo 00007FF078BEF016h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAD39A second address: EAD3B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF0795ECC57h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAD3B7 second address: EAD3C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FF078BEF016h 0x0000000a je 00007FF078BEF016h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAD3C7 second address: EAD3D3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFF2B second address: EAFF31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFF31 second address: EAFF5E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF0795ECC54h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jg 00007FF0795ECC46h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFF5E second address: EAFFCF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FF078BEF01Ch 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007FF078BEF021h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 jmp 00007FF078BEF01Dh 0x0000001b pop eax 0x0000001c call 00007FF078BEF019h 0x00000021 pushad 0x00000022 jno 00007FF078BEF01Ch 0x00000028 jmp 00007FF078BEF023h 0x0000002d popad 0x0000002e push eax 0x0000002f pushad 0x00000030 pushad 0x00000031 pushad 0x00000032 popad 0x00000033 pushad 0x00000034 popad 0x00000035 popad 0x00000036 jng 00007FF078BEF01Ch 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFFCF second address: EAFFDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB034F second address: EB0361 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF078BEF016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF078BEF01Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB040F second address: EB0413 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB059F second address: EB05A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB0A39 second address: EB0A48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB0CD1 second address: EB0CD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB0CD5 second address: EB0CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF0795ECC4Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB0EAD second address: EB0EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB0EB1 second address: EB0EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1EF5 second address: EB1F0C instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF078BEF018h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FF078BEF016h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1D60 second address: EB1D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1F0C second address: EB1F12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB284A second address: EB284E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB38D7 second address: EB38DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB3B3B second address: EB3B83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FF0795ECC48h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 cld 0x00000026 push 00000000h 0x00000028 mov esi, 10F8F53Eh 0x0000002d push 00000000h 0x0000002f clc 0x00000030 push eax 0x00000031 push ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FF0795ECC4Fh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB38DB second address: EB38DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB46FF second address: EB471B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF0795ECC58h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4440 second address: EB4444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4444 second address: EB4448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4448 second address: EB4456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FF078BEF016h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB51CC second address: EB51EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF0795ECC58h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB51EB second address: EB5285 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b or dword ptr [ebp+122D1C2Eh], ebx 0x00000011 jmp 00007FF078BEF022h 0x00000016 popad 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007FF078BEF018h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 sub dword ptr [ebp+122D1FDCh], edx 0x00000039 push 00000000h 0x0000003b add dword ptr [ebp+12461F58h], ebx 0x00000041 xchg eax, ebx 0x00000042 pushad 0x00000043 ja 00007FF078BEF026h 0x00000049 pushad 0x0000004a jmp 00007FF078BEF01Eh 0x0000004f jno 00007FF078BEF016h 0x00000055 popad 0x00000056 popad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jmp 00007FF078BEF01Fh 0x00000060 ja 00007FF078BEF016h 0x00000066 popad 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB5285 second address: EB528C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6666 second address: EB666C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6422 second address: EB6426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6426 second address: EB642A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB2D9 second address: EBB2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9485 second address: EB9489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB2DD second address: EBB2FE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF0795ECC46h 0x00000008 jl 00007FF0795ECC46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF0795ECC4Bh 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB2FE second address: EBB30E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FF078BEF016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB30E second address: EBB312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74BE7 second address: E74BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FF078BEF022h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74BFF second address: E74C07 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74C07 second address: E74C25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF026h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74C25 second address: E74C29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB8D6 second address: EBB8E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF078BEF016h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB8E1 second address: EBB8E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBC81F second address: EBC824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBC824 second address: EBC836 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF0795ECC48h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB9B4 second address: EBB9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBC836 second address: EBC83A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBB9B9 second address: EBBA3A instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF078BEF018h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push ebx 0x00000010 mov ebx, 3F7AFB03h 0x00000015 pop ebx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FF078BEF018h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 or dword ptr [ebp+122D3374h], esi 0x0000003d movsx ebx, di 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 or dword ptr [ebp+122D1C78h], edi 0x0000004d mov eax, dword ptr [ebp+122D0A55h] 0x00000053 mov dword ptr [ebp+1244D49Fh], ecx 0x00000059 push ebx 0x0000005a add edi, dword ptr [ebp+122D330Eh] 0x00000060 pop ebx 0x00000061 push FFFFFFFFh 0x00000063 stc 0x00000064 nop 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007FF078BEF025h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBD907 second address: EBD920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jbe 00007FF0795ECC46h 0x00000012 jnp 00007FF0795ECC46h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBE960 second address: EBE967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBE967 second address: EBE97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF0795ECC50h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBF8F9 second address: EBF8FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBEB72 second address: EBEB78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBEB78 second address: EBEB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBEB7C second address: EBEB80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC09AF second address: EC09B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC09B5 second address: EC09B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFAC0 second address: EBFB48 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FF078BEF018h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 pushad 0x00000025 mov ecx, dword ptr [ebp+122D1C8Bh] 0x0000002b popad 0x0000002c mov dword ptr [ebp+122D28B2h], ecx 0x00000032 push dword ptr fs:[00000000h] 0x00000039 mov ebx, 2E66B6F1h 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 mov ebx, dword ptr [ebp+122D1C4Eh] 0x0000004b mov eax, dword ptr [ebp+122D09D1h] 0x00000051 mov di, ax 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push eax 0x00000059 call 00007FF078BEF018h 0x0000005e pop eax 0x0000005f mov dword ptr [esp+04h], eax 0x00000063 add dword ptr [esp+04h], 00000014h 0x0000006b inc eax 0x0000006c push eax 0x0000006d ret 0x0000006e pop eax 0x0000006f ret 0x00000070 mov bh, ah 0x00000072 jnl 00007FF078BEF016h 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b push eax 0x0000007c push edx 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFB48 second address: EBFB4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFB4C second address: EBFB52 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC19C3 second address: EC19C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1B13 second address: EC1B18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1BEB second address: EC1BF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4ABE second address: EC4AD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF01Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4AD1 second address: EC4AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4AD7 second address: EC4ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4ADB second address: EC4B59 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF0795ECC46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push eax 0x00000010 jmp 00007FF0795ECC59h 0x00000015 pop edi 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 clc 0x0000001a call 00007FF0795ECC52h 0x0000001f jmp 00007FF0795ECC56h 0x00000024 pop esi 0x00000025 popad 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007FF0795ECC48h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 00000016h 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 xchg eax, esi 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4B59 second address: EC4B5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC5BCE second address: EC5BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF0795ECC46h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC5BDC second address: EC5C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 jns 00007FF078BEF027h 0x0000000d nop 0x0000000e mov ebx, 6C02F14Fh 0x00000013 push 00000000h 0x00000015 mov ebx, esi 0x00000017 movzx edi, dx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007FF078BEF018h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push edx 0x0000003c pop edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC5C2D second address: EC5C33 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC6B4F second address: EC6B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8B8A second address: EC8BF1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a xor esi, dword ptr [ebp+122D3297h] 0x00000010 mov edi, 3339AA1Eh 0x00000015 popad 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007FF0795ECC48h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 jmp 00007FF0795ECC58h 0x00000037 push 00000000h 0x00000039 sbb ebx, 74704035h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jg 00007FF0795ECC46h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8BF1 second address: EC8C0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF025h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC6DB5 second address: EC6DC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FF0795ECC46h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9C03 second address: EC9C36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF078BEF020h 0x00000008 jmp 00007FF078BEF027h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9C36 second address: EC9C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9C3D second address: EC9C9B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF078BEF018h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FF078BEF018h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov bh, dh 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007FF078BEF018h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D334Dh], edx 0x0000004b adc bx, C7D9h 0x00000050 push 00000000h 0x00000052 mov bl, ah 0x00000054 xchg eax, esi 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9C9B second address: EC9C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9C9F second address: EC9CA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC9CA3 second address: EC9CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C4F0 second address: E6C4FA instructions: 0x00000000 rdtsc 0x00000002 je 00007FF078BEF016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C4FA second address: E6C541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF0795ECC57h 0x0000000b popad 0x0000000c pushad 0x0000000d jnp 00007FF0795ECC5Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jng 00007FF0795ECC46h 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C541 second address: E6C54B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF078BEF016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED0049 second address: ED0053 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF0795ECC46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED0053 second address: ED007C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FF078BEF02Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FF078BEF016h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED0227 second address: ED022B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED6CF2 second address: ED6D06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF01Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED6D06 second address: ED6D0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC91D second address: EDC921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7304F second address: E73053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDB52F second address: EDB543 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF020h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDB543 second address: EDB551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FF0795ECC46h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDB551 second address: EDB55B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF078BEF016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDB55B second address: EDB583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FF0795ECC46h 0x00000009 jmp 00007FF0795ECC56h 0x0000000e popad 0x0000000f ja 00007FF0795ECC4Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC13A second address: EDC155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FF078BEF021h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC155 second address: EDC159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC159 second address: EDC171 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF078BEF016h 0x00000008 js 00007FF078BEF016h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jl 00007FF078BEF022h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC2C5 second address: EDC2DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC4Ch 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC45B second address: EDC470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jnc 00007FF078BEF016h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC470 second address: EDC48E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC59h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC5FC second address: EDC613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnl 00007FF078BEF016h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jne 00007FF078BEF01Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC779 second address: EDC77D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC77D second address: EDC7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF078BEF016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FF078BEF028h 0x00000012 jmp 00007FF078BEF022h 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7A4 second address: EDC7B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF0795ECC4Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7B9 second address: EDC7BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7BF second address: EDC7CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7CE second address: EDC7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7D2 second address: EDC7D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7D8 second address: EDC7DD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC7DD second address: EDC7E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1FDD second address: EE1FEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF01Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1FEF second address: EE2001 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF0795ECC4Ch 0x00000008 jp 00007FF0795ECC46h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE2001 second address: EE2005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0B95 second address: EE0BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF0795ECC4Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0D48 second address: EE0D54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0EBC second address: EE0EC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE115B second address: EE115F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE115F second address: EE1163 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1163 second address: EE1169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1169 second address: EE116F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE12DA second address: EE12E4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF078BEF016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE12E4 second address: EE1300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FF0795ECC53h 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1612 second address: EE161C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF078BEF016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE161C second address: EE163D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF0795ECC4Bh 0x0000000c jmp 00007FF0795ECC4Ch 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE163D second address: EE1648 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FF078BEF016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1648 second address: EE1679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC59h 0x00000009 jnc 00007FF0795ECC46h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jl 00007FF0795ECC46h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1679 second address: EE167E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE194D second address: EE1974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF0795ECC46h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007FF0795ECC59h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1974 second address: EE197A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE197A second address: EE197F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1CC1 second address: EE1CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE1CC7 second address: EE1CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE613E second address: EE6158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF078BEF021h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6158 second address: EE6190 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FF0795ECC50h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007FF0795ECC4Ch 0x00000011 popad 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF0795ECC4Ch 0x0000001a jbe 00007FF0795ECC46h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE62F4 second address: EE62FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE62FA second address: EE6319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6319 second address: EE631F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6641 second address: EE6687 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FF0795ECC5Fh 0x00000016 jmp 00007FF0795ECC57h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6687 second address: EE66BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FF078BEF01Fh 0x00000008 jmp 00007FF078BEF021h 0x0000000d pop esi 0x0000000e jo 00007FF078BEF028h 0x00000014 jmp 00007FF078BEF01Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6A8D second address: EE6A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6A93 second address: EE6A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6BC8 second address: EE6BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007FF0795ECC48h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6BD5 second address: EE6C28 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF078BEF035h 0x00000008 jmp 00007FF078BEF029h 0x0000000d jbe 00007FF078BEF016h 0x00000013 jne 00007FF078BEF02Eh 0x00000019 jmp 00007FF078BEF026h 0x0000001e push eax 0x0000001f pop eax 0x00000020 pop edx 0x00000021 pop eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push ecx 0x00000025 pushad 0x00000026 popad 0x00000027 jbe 00007FF078BEF016h 0x0000002d pop ecx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6C28 second address: EE6C2D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D56 second address: EE6D62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FF078BEF016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D62 second address: EE6D7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF0795ECC51h 0x00000009 jbe 00007FF0795ECC46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D7D second address: EE6D8B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D8B second address: EE6D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D8F second address: EE6D9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D9B second address: EE6DA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6DA0 second address: EE6DA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7064 second address: EE706A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE706A second address: EE706F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE706F second address: EE707A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF0795ECC46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE71F4 second address: EE71F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE71F8 second address: EE7212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC54h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7212 second address: EE7218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7218 second address: EE721C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE5EC3 second address: EE5EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE5EC8 second address: EE5ECD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEADC7 second address: EEADCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEADCD second address: EEADD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEADD1 second address: EEADF0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF078BEF029h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEADF0 second address: EEAE02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FF0795ECC4Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEAE02 second address: EEAE06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEAE06 second address: EEAE11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAE78E second address: EAE792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAEEDA second address: EAEEDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAEEDE second address: EAEEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jng 00007FF078BEF016h 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAEF64 second address: EAEFA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 xchg eax, esi 0x00000005 push 00000000h 0x00000007 push ecx 0x00000008 call 00007FF0795ECC48h 0x0000000d pop ecx 0x0000000e mov dword ptr [esp+04h], ecx 0x00000012 add dword ptr [esp+04h], 0000001Ah 0x0000001a inc ecx 0x0000001b push ecx 0x0000001c ret 0x0000001d pop ecx 0x0000001e ret 0x0000001f mov ecx, 6AC44C76h 0x00000024 nop 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 jmp 00007FF0795ECC4Ch 0x0000002d pop eax 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAEFA1 second address: EAEFAB instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF078BEF01Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF143 second address: EAF147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF29B second address: EAF2F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jns 00007FF078BEF016h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007FF078BEF018h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 pushad 0x0000002a call 00007FF078BEF01Fh 0x0000002f pop ecx 0x00000030 mov edi, 5E61ED0Dh 0x00000035 popad 0x00000036 push 00000004h 0x00000038 mov edx, dword ptr [ebp+122D1C7Dh] 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF7CC second address: EAF7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF7D3 second address: EAF7E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF078BEF01Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFAE7 second address: EAFAEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFAEB second address: EAFB48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FF078BEF018h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 clc 0x00000024 lea eax, dword ptr [ebp+1247E4CDh] 0x0000002a push 00000000h 0x0000002c push edi 0x0000002d call 00007FF078BEF018h 0x00000032 pop edi 0x00000033 mov dword ptr [esp+04h], edi 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc edi 0x00000040 push edi 0x00000041 ret 0x00000042 pop edi 0x00000043 ret 0x00000044 sub edi, 3D5A65A9h 0x0000004a nop 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFB48 second address: EAFB4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFB4F second address: EAFB55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAFB55 second address: E94A99 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF0795ECC46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FF0795ECC4Bh 0x00000012 nop 0x00000013 add edx, dword ptr [ebp+122D3325h] 0x00000019 call dword ptr [ebp+122D2781h] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FF0795ECC4Ch 0x00000027 jnl 00007FF0795ECC46h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0FAC second address: EF0FB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0FB2 second address: EF0FB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF10D8 second address: EF10EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push esi 0x0000000b jbe 00007FF078BEF016h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1502 second address: EF1508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1508 second address: EF1519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF078BEF01Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1519 second address: EF1520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF165C second address: EF1676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007FF078BEF023h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1676 second address: EF1686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FF0795ECC48h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1686 second address: EF1690 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF078BEF016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1952 second address: EF1975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FF0795ECC4Dh 0x0000000b popad 0x0000000c jmp 00007FF0795ECC4Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1975 second address: EF1985 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF078BEF022h 0x00000008 je 00007FF078BEF016h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1985 second address: EF1990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1990 second address: EF1994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF55DE second address: EF55E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8016 second address: EF8025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 jl 00007FF078BEF016h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8025 second address: EF802A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF802A second address: EF802F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF82DE second address: EF82E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF82E2 second address: EF82F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FF078BEF022h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF82F2 second address: EF82F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA060 second address: EFA06A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FF078BEF016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA06A second address: EFA06E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F01E53 second address: F01E6C instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF078BEF016h 0x00000008 jne 00007FF078BEF016h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jc 00007FF078BEF016h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0232D second address: F02335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F02335 second address: F0233A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06E0D second address: F06E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF0795ECC46h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jns 00007FF0795ECC46h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06E22 second address: F06E43 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 jmp 00007FF078BEF020h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e ja 00007FF078BEF022h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06FA5 second address: F06FB4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF0795ECC4Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06FB4 second address: F06FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06FC5 second address: F06FC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06FC9 second address: F06FCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07130 second address: F0716D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC52h 0x00000009 popad 0x0000000a jmp 00007FF0795ECC50h 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007FF0795ECC46h 0x00000017 jmp 00007FF0795ECC4Eh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07BF2 second address: F07BF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07BF7 second address: F07BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07BFD second address: F07C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07C01 second address: F07C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC4Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0F0C6 second address: F0F0D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF078BEF016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0F0D0 second address: F0F0D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0F0D4 second address: F0F0E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF078BEF016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D1DC second address: F0D1E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D1E5 second address: F0D211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF078BEF025h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FF078BEF018h 0x00000014 push eax 0x00000015 push eax 0x00000016 pop eax 0x00000017 push edi 0x00000018 pop edi 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D211 second address: F0D217 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D4D1 second address: F0D4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF078BEF016h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0D787 second address: F0D7A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC57h 0x00000007 push ebx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DA40 second address: F0DA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DA47 second address: F0DA58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF0795ECC46h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DA58 second address: F0DA5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DA5C second address: F0DAAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007FF0795ECC46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007FF0795ECC55h 0x00000016 pop esi 0x00000017 jl 00007FF0795ECC51h 0x0000001d jmp 00007FF0795ECC4Bh 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FF0795ECC56h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0EB40 second address: F0EB46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0EB46 second address: F0EB4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0EB4A second address: F0EB69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF028h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F13B35 second address: F13B51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FF0795ECC53h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12FA0 second address: F12FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF078BEF016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12FAA second address: F12FB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12FB4 second address: F12FBE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF078BEF016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F13296 second address: F1329C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1329C second address: F132C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007FF078BEF023h 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F132C0 second address: F132E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC4Ah 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 je 00007FF0795ECC46h 0x00000017 jne 00007FF0795ECC46h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F132E3 second address: F132EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F132EB second address: F132EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F13454 second address: F13479 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF078BEF023h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jbe 00007FF078BEF016h 0x00000013 push eax 0x00000014 pop eax 0x00000015 push edi 0x00000016 pop edi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F135B2 second address: F135B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F13868 second address: F13879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF078BEF01Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F13879 second address: F1387D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1387D second address: F13888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F18305 second address: F18314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FF0795ECC46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F18314 second address: F1832C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FF078BEF016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007FF078BEF016h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1832C second address: F18330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F19947 second address: F1994B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20456 second address: F20464 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 ja 00007FF0795ECC46h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20464 second address: F20468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20468 second address: F20472 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF0795ECC46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20472 second address: F2047F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F206F3 second address: F206FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F206FB second address: F20703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20703 second address: F20708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20708 second address: F20723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2087F second address: F20885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20885 second address: F20899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF078BEF01Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20899 second address: F2089E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20A07 second address: F20A0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20A0B second address: F20A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FF0795ECC53h 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20EA5 second address: F20EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20EA9 second address: F20EBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20EBD second address: F20EC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2168E second address: F21692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F21692 second address: F21698 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F21698 second address: F2169E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2169E second address: F216BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F216BE second address: F216D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF0795ECC55h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F216D7 second address: F216DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F216DB second address: F216E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F216E1 second address: F216EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F216EB second address: F216F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F216F1 second address: F216F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1FBC8 second address: F1FBCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1FBCC second address: F1FBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FF078BEF01Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F27F3A second address: F27F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3917A second address: F3917E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3917E second address: F3918A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF0795ECC46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39309 second address: F39328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FF078BEF025h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39328 second address: F39331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39331 second address: F39335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39335 second address: F39350 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B80A second address: F3B829 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF020h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jl 00007FF078BEF016h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B829 second address: F3B834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF0795ECC46h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B834 second address: F3B87C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF078BEF023h 0x0000000a popad 0x0000000b jmp 00007FF078BEF022h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF078BEF029h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B87C second address: F3B881 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B530 second address: F3B549 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF078BEF01Fh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3B549 second address: F3B54D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48D91 second address: F48D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4C70D second address: F4C734 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jc 00007FF0795ECC46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FF0795ECC4Ah 0x00000012 pop edi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FF0795ECC4Bh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4C734 second address: F4C738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4C738 second address: F4C767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FF0795ECC51h 0x0000000e jmp 00007FF0795ECC51h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4C767 second address: F4C784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FF078BEF024h 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007FF078BEF01Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F548D1 second address: F548DD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF0795ECC46h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F548DD second address: F548E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54BE4 second address: F54BEA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54E9A second address: F54E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54E9E second address: F54EAE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnp 00007FF0795ECC46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54EAE second address: F54EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54EB4 second address: F54EB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F55986 second address: F55999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF078BEF01Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F59201 second address: F59207 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F58F97 second address: F58F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F67DBE second address: F67DCD instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF0795ECC46h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F67DCD second address: F67DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6507B second address: F65087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF0795ECC46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F65087 second address: F6508D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6508D second address: F65092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F65092 second address: F65098 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F65098 second address: F6509E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6509E second address: F650B1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF078BEF016h 0x00000008 jns 00007FF078BEF016h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F650B1 second address: F650CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF0795ECC46h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007FF0795ECC46h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F650CB second address: F650CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F75E1F second address: F75E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF0795ECC4Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F75E36 second address: F75E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007FF078BEF01Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F75C96 second address: F75CA2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77BEE second address: F77C1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF078BEF026h 0x00000008 ja 00007FF078BEF016h 0x0000000e jmp 00007FF078BEF020h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77C1F second address: F77C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F778E2 second address: F7790D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF023h 0x00000007 jmp 00007FF078BEF01Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007FF078BEF01Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F912D5 second address: F912DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9025B second address: F9025F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F903B6 second address: F903BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F903BA second address: F903C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9073E second address: F90742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90742 second address: F90748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90E09 second address: F90E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 jmp 00007FF0795ECC4Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF0795ECC4Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92AAB second address: F92AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92AAF second address: F92AB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92AB3 second address: F92B12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF078BEF022h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FF078BEF023h 0x00000010 pop ecx 0x00000011 pushad 0x00000012 jmp 00007FF078BEF021h 0x00000017 jne 00007FF078BEF029h 0x0000001d push eax 0x0000001e push edx 0x0000001f jne 00007FF078BEF016h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9557E second address: F955A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF0795ECC55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jc 00007FF0795ECC4Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F955A1 second address: F955AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007FF078BEF016h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F95739 second address: F9573D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9573D second address: F95743 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9587B second address: F958A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 je 00007FF0795ECC46h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007FF0795ECC55h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F958A7 second address: F958AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F958AC second address: F958B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF0795ECC46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830D03 second address: 4830D65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f jmp 00007FF078BEF01Eh 0x00000014 test eax, eax 0x00000016 jmp 00007FF078BEF020h 0x0000001b je 00007FF0EACF502Fh 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FF078BEF027h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830D65 second address: 4830D7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF0795ECC54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2A7D second address: EB2A98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF078BEF023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2A98 second address: EB2A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D039CB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: EA62AC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D01696 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 6424

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.000000000076F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2188101778.0000000000729000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: file.exe, 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CE5BB0 LdrInitializeThunk,

0_2_00CE5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, file.exe, 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: EAProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
eaglepawnoy.store	19%	Virustotal	Browse
bathdoomgaz.store	22%	Virustotal	Browse
spirittunek.store	22%	Virustotal	Browse
studennotediw.store	21%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	104.102.49.254	true	true	0%, Virustotal, Browse	unknown
eaglepawnoy.store	unknown	unknown	true	19%, Virustotal, Browse	unknown
bathdoomgaz.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
spirittunek.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
licendfilteo.site	unknown	unknown	true		unknown
studennotediw.store	unknown	unknown	true	21%, Virustotal, Browse	unknown
mobbipenju.store	unknown	unknown	true		unknown
clearancek.site	unknown	unknown	true		unknown
dissapoiznw.store	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bathdoomgaz.store:443/apiB	file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://licendfilteo.site:443/api	file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site/api	file.exe, 00000000.00000002.2188101778.0000000000755000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://studennotediw.store:443/api	file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/api	file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.2187824927.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188101778.000000000076D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188313675.00000000007BD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900#r	file.exe, 00000000.00000002.2188101778.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2187747052.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2188270274.0000000000786000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2187725133.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site:443/apibcryptPrimitives.dll	file.exe, 00000000.00000002.2188101778.000000000073F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000003.2187747052.000000000076E000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1540724
Start date and time:	2024-10-24 02:49:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:50:07	API Interceptor	3x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	xxJfSec58P.exe	Get hash	malicious	Vidar	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254
	https://www.ccleaner.com/	Get hash	malicious	Unknown	Browse	2.19.225.128
	https://download.ccleaner.com/portable/ccsetup629.zip	Get hash	malicious	Unknown	Browse	23.212.89.211
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://merzcon-my.sharepoint.com/:f:/g/personal/cnico_merzcon_onmicrosoft_com/EmjHG5K9dP9BtgBBeTTFhjABJRRLGM6IhVrJlwBTMWY8rg?e=pfkS1f	Get hash	malicious	Unknown	Browse	23.38.98.96
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://printwithwave.co:443,*	Get hash	malicious	Unknown	Browse	2.19.126.198
	Demande de proposition du CPE Les Coquins.pdf	Get hash	malicious	Unknown	Browse	2.19.126.163
	Demande de proposition du CPE Les Coquins.pdf	Get hash	malicious	Unknown	Browse	2.19.126.163

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254
	https://t.ly/2jKWO	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.5093744376095035
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'930'688 bytes
MD5:	8e36e9abc7b33f091517d38121597df9
SHA1:	32604dd99a48b06e2de986bfe0ce390b15d46438
SHA256:	4369e552bc7c2fb81801c23c40cf4c047a0d1aeabe8cce9504a2d2cecdb4c145
SHA512:	f4514e77d252f1037d3bc9fa609c3d7fd4f9177ce10bf1d9a0daf793a5345af83028b96b77deff46878ef6045b3fa17004fe22013cc46af7e6b4f519f1a420c0
SSDEEP:	49152:MTaN3nppIkINYlRRTwqocgPg5vQIVR0JMrq3mcxpn:wknTIkEYlRRTRoi5Icfrq
TLSH:	6FD54AA3A889B5CFD4CF237C9827CD8B585D03B9871449D3986C64BEEE67CC216B5C24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................@0...........@..........................p0.......-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x704000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF078C37EAAh
setbe byte ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FF078C39EA5h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	24b05072f3922de05f22295bfa79911f	False	0.9995423370462047	data	7.983005907575337	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
odwuzsrd	0x60000	0x2a3000	0x2a2200	5dac4824cad90c9bbaebf65e6ce6d843	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
hflvoogh	0x303000	0x1000	0x400	9f82e35e711194d11f636473991be499	False	0.8193359375	data	6.308038245541716	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x304000	0x3000	0x2200	34a477cb31d536b1cbf4b6f867cf3091	False	0.061236213235294115	DOS executable (COM)	0.7632882851982353	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-24T02:50:07.837251+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.6	61962	1.1.1.1	53	UDP
2024-10-24T02:50:07.852034+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.6	62035	1.1.1.1	53	UDP
2024-10-24T02:50:07.875683+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.6	51784	1.1.1.1	53	UDP
2024-10-24T02:50:07.888060+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.6	53022	1.1.1.1	53	UDP
2024-10-24T02:50:07.900809+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.6	61782	1.1.1.1	53	UDP
2024-10-24T02:50:07.912657+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.6	56415	1.1.1.1	53	UDP
2024-10-24T02:50:07.924355+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.6	58916	1.1.1.1	53	UDP
2024-10-24T02:50:07.935205+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.6	60275	1.1.1.1	53	UDP
2024-10-24T02:50:09.549223+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49711	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 02:50:07.970523119 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:07.970541954 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:07.970638990 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:07.974004030 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:07.974018097 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:08.820811987 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:08.820911884 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:08.833111048 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:08.833148956 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:08.833427906 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:08.872944117 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:08.891707897 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:08.935339928 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549210072 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549241066 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549263954 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549282074 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549299955 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549371004 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:09.549402952 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.549436092 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:09.549462080 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:09.562079906 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.562115908 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.562186956 CEST	443	49711	104.102.49.254	192.168.2.6
Oct 24, 2024 02:50:09.562279940 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:09.562279940 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:09.563498020 CEST	49711	443	192.168.2.6	104.102.49.254
Oct 24, 2024 02:50:09.563517094 CEST	443	49711	104.102.49.254	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 02:50:07.837250948 CEST	61962	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.847455025 CEST	53	61962	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.852034092 CEST	62035	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.872287989 CEST	53	62035	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.875683069 CEST	51784	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.885555983 CEST	53	51784	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.888060093 CEST	53022	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.897931099 CEST	53	53022	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.900809050 CEST	61782	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.910164118 CEST	53	61782	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.912657022 CEST	56415	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.922043085 CEST	53	56415	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.924355030 CEST	58916	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.933608055 CEST	53	58916	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.935204983 CEST	60275	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.949419975 CEST	53	60275	1.1.1.1	192.168.2.6
Oct 24, 2024 02:50:07.956593037 CEST	58488	53	192.168.2.6	1.1.1.1
Oct 24, 2024 02:50:07.964728117 CEST	53	58488	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 02:50:07.837250948 CEST	192.168.2.6	1.1.1.1	0x667a	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.852034092 CEST	192.168.2.6	1.1.1.1	0xcc63	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.875683069 CEST	192.168.2.6	1.1.1.1	0x4095	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.888060093 CEST	192.168.2.6	1.1.1.1	0x4a7	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.900809050 CEST	192.168.2.6	1.1.1.1	0x268c	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.912657022 CEST	192.168.2.6	1.1.1.1	0xeb80	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.924355030 CEST	192.168.2.6	1.1.1.1	0x19c8	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.935204983 CEST	192.168.2.6	1.1.1.1	0x4fe1	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.956593037 CEST	192.168.2.6	1.1.1.1	0x5543	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 02:50:07.847455025 CEST	1.1.1.1	192.168.2.6	0x667a	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.872287989 CEST	1.1.1.1	192.168.2.6	0xcc63	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.885555983 CEST	1.1.1.1	192.168.2.6	0x4095	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.897931099 CEST	1.1.1.1	192.168.2.6	0x4a7	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.910164118 CEST	1.1.1.1	192.168.2.6	0x268c	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.922043085 CEST	1.1.1.1	192.168.2.6	0xeb80	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.933608055 CEST	1.1.1.1	192.168.2.6	0x19c8	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.949419975 CEST	1.1.1.1	192.168.2.6	0x4fe1	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 02:50:07.964728117 CEST	1.1.1.1	192.168.2.6	0x5543	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	104.102.49.254	443	7124	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 00:50:08 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-24 00:50:09 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 24 Oct 2024 00:50:09 GMT Content-Length: 26105 Connection: close Set-Cookie: sessionid=9ee59f52704aba6f32d4fb56; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=None
2024-10-24 00:50:09 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-24 00:50:09 UTC	11638	IN	Data Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J

Target ID:	0
Start time:	20:50:04
Start date:	23/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xca0000
File size:	2'930'688 bytes
MD5 hash:	8E36E9ABC7B33F091517D38121597DF9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	57.8%
Total number of Nodes:	45
Total number of Limit Nodes:	5

Executed Functions

Function 00CE50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00CE5182

Strings

@^, xrefs: 00CE5120
<I$), xrefs: 00CE52E3
<I$), xrefs: 00CE5198

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 51894273c74df254f8f13e4f3dacd1ad3632ce5fdb5a0be89ae70348818eca77
Instruction ID: f2e1677abc1347f7090022d59df6d6cd23c44757bd5429e57cbdd4ba120ef4b8
Opcode Fuzzy Hash: 51894273c74df254f8f13e4f3dacd1ad3632ce5fdb5a0be89ae70348818eca77
Instruction Fuzzy Hash: 13216D352083848FC300DF68D891B6EBBF4AB6A304F69482CE1C5D7362D676DA19CB56

Function 00CAFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

J|BJ, xrefs: 00CB000D
t, xrefs: 00CAFCBE
VY^_, xrefs: 00CAFDFF
V, xrefs: 00CAFEDC

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: f8ef03a740930835ff29421079600bb25c77eab7730fd22d1d295ffb39c8bd4a
Instruction ID: 1358691ab9cd66b990694493cbd89a860f86fadb99a2fcee3169c110204e5b3f
Opcode Fuzzy Hash: f8ef03a740930835ff29421079600bb25c77eab7730fd22d1d295ffb39c8bd4a
Instruction Fuzzy Hash: 88D1997450C3919BD314DF58D49066FBBE1AF92B48F24882CF4D98B252C336CE0ADB92

Function 00CAD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00CAD2F1

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 6cc02274fc2f3b7720ece5677c8998f2824d1c1069317f5a0d8af906b1ecc353
Instruction ID: eff61c15fb0a8614e23f2f2da4f2b29f880a171f554fc01fbe5a15fd28d40b7d
Opcode Fuzzy Hash: 6cc02274fc2f3b7720ece5677c8998f2824d1c1069317f5a0d8af906b1ecc353
Instruction Fuzzy Hash: BE41527040D381ABC701AB68C584A2EFBF5AF93709F148D0CE5D697612C33AD814DB67

Function 00CE5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00CE973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00CE5BDE

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00CE695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00CE69C5

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6b4bd33e31f30157bbe1a31036aebefa563390eaa9ce1db490a77cdb63b2c85f
Instruction ID: e4c2620fe75ff50731f2f2685f8942c64d1a5787925fe7e4ae34f3be348c8c4e
Opcode Fuzzy Hash: 6b4bd33e31f30157bbe1a31036aebefa563390eaa9ce1db490a77cdb63b2c85f
Instruction Fuzzy Hash: 0F31AAB19283419FD718EF16D89073EB7F1EF94384F14882CE6C697262E7389A04DB56

Function 00CB049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb3e8a798de9bc38da039a382a5fcd6a2075ef19585df1caec9f8cd94b53419f
Instruction ID: ce40d14e65e84e610c59e9206284aa4cadc2cbb4c5f696f14d468c49521f8d7a
Opcode Fuzzy Hash: bb3e8a798de9bc38da039a382a5fcd6a2075ef19585df1caec9f8cd94b53419f
Instruction Fuzzy Hash: 95915975200B40CFD7288F25D894B2BB7F6FB89314F118A6DE8568BAA1D731E816CB50

Function 00CB0228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e442f9707926616560fb0a926d5de0a742e686d8255b52cd474904503046d18c
Instruction ID: a157292121d51037ed49c0ba3d3c43cd387d3be4b5018d95044c926bcabc69c2
Opcode Fuzzy Hash: e442f9707926616560fb0a926d5de0a742e686d8255b52cd474904503046d18c
Instruction Fuzzy Hash: 31715974200B41DFD7248F21E894B2BB7B6FF89315F10896DE8568B662D731E81ACB61

Function 00CE99D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae1d05dc114b5bd3a4efadcd23075e472e9895c5ea4c79c22e9f2f1fa6516ad4
Instruction ID: 0466f13fb8cb71f261f17a506d4fdaf6a32cab4d7ff79056f9442f3cf0b8b5ab
Opcode Fuzzy Hash: ae1d05dc114b5bd3a4efadcd23075e472e9895c5ea4c79c22e9f2f1fa6516ad4
Instruction Fuzzy Hash: 88419E34608380AFD724EB16D890B2FB7E6EF85714F24882CF69A97251D335ED11DB62

Function 00CE63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ff0f00d32cf5abdf44da37da863681edaa3712651e858947da16f72648091d04
Instruction ID: ef65ee061e3b5f54efaca25f8d851184072e21ba0377b97cb6d3a3ea7c14bdf8
Opcode Fuzzy Hash: ff0f00d32cf5abdf44da37da863681edaa3712651e858947da16f72648091d04
Instruction Fuzzy Hash: 3831F270659381BBD624DB06CD82F3EB7A1EB90B94F64850CF2916B2E1D370A811CB52

Function 00CE3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00CE32A6

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3663c118e66f2c97366aecff2439e796714c6b63560920c474d6e3938b48e351
Instruction ID: 200db3f18538a3d3abbb85ce4b93936e4382b6d77f2d700e381436103e41e531
Opcode Fuzzy Hash: 3663c118e66f2c97366aecff2439e796714c6b63560920c474d6e3938b48e351
Instruction Fuzzy Hash: E8014B3450D280EBC701EB18E849A2EBBE8EF4A700F05481CE5C58B362D235ED64DBA2

Function 00CE3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00CE3208

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d4108d1db9147791809cbd040bcc7a38ed841ac86d52a01f8cd7bc71675f1635
Instruction ID: 6675f13f64256b76f8f4466aadc59872891eec0126b027c61a7155e3db885318
Opcode Fuzzy Hash: d4108d1db9147791809cbd040bcc7a38ed841ac86d52a01f8cd7bc71675f1635
Instruction Fuzzy Hash: E5B012300400005FDA042B00EC0AF143511EB00605F900050A101080B1D16258A4C555

Non-executed Functions

Function 00CD23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

:, xrefs: 00CD32DD
`tii, xrefs: 00CD2693
aenQ, xrefs: 00CD276A
3<, xrefs: 00CD32D6
fedc, xrefs: 00CD2782
{l`~, xrefs: 00CD268C
|}&C, xrefs: 00CD2F21
%*+(, xrefs: 00CD40EF
Cx, xrefs: 00CD453D
f@~!, xrefs: 00CD25FF
mlc@, xrefs: 00CD275C
#v, xrefs: 00CD344B, 00CD4861
ggxz, xrefs: 00CD2685

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
API String ID: 0-2260822535
Opcode ID: 90459fb05d21418c93ad6705ae4873705db6db069546ba450243650784c06385
Instruction ID: 8a42505986e5e0c6bf055af45b059e218321f76a4f353156ab48fb5c7030536d
Opcode Fuzzy Hash: 90459fb05d21418c93ad6705ae4873705db6db069546ba450243650784c06385
Instruction Fuzzy Hash: 7B33DE70504B818FD7258F39C590762BBF1BF16304F58899EE5EA8BB92C335E906CB61

Function 00CBDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

89>?, xrefs: 00CBE9F6
89&', xrefs: 00CBE93B
LKJI, xrefs: 00CBE6E6
|, xrefs: 00CBECB1
@ONM, xrefs: 00CBE6DB
:WUE, xrefs: 00CBF6B7, 00CBF6C6
D, xrefs: 00CBE846
tsrq, xrefs: 00CBE6FC
`Y^_, xrefs: 00CBE99E
WP, xrefs: 00CBDCEF
%*+(, xrefs: 00CBDE37, 00CBDE46
<=2, xrefs: 00CBEA01
`onm, xrefs: 00CBE733
T, xrefs: 00CBF157
dcba, xrefs: 00CBE728
()./, xrefs: 00CBE9CA
<=:;, xrefs: 00CBE930
tuJK, xrefs: 00CBE967
xgfe, xrefs: 00CBE71D
QNOL, xrefs: 00CBE775
lkji, xrefs: 00CBE73E
AR, xrefs: 00CBDD10
mjkh, xrefs: 00CBE7D8
DCBA, xrefs: 00CBE887, 00CBE896

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 86147f41e99a7abf2f6467441a8315bd13a4fc9034c24e34ccc6048f1869b587
Instruction ID: bb50ce7277816b6f0c38ccf29ed1f38c99853509f9f60ac4f914e54883c1d4fa
Opcode Fuzzy Hash: 86147f41e99a7abf2f6467441a8315bd13a4fc9034c24e34ccc6048f1869b587
Instruction Fuzzy Hash: FBF267B05083819BD770CF14C894BEBBBE6BFD5704F14482CE4D98B292EB719985DB92

Function 00CC9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

?m,o, xrefs: 00CCA13C
WH, xrefs: 00CCAA1C
CG, xrefs: 00CCAA32
sm, xrefs: 00CCA830
N[, xrefs: 00CCA375
Gt, xrefs: 00CC9FF8
S], xrefs: 00CCA636
hi, xrefs: 00CCAB9D
_Y, xrefs: 00CCA641
%e6g, xrefs: 00CCA152
WQ, xrefs: 00CCA62B
]{, xrefs: 00CCA1E7, 00CCA1F3
(a*c, xrefs: 00CCA147
JG, xrefs: 00CCAA27
/), xrefs: 00CCA66D
kW, xrefs: 00CCA380
=], xrefs: 00CCA36A

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 059128890bcef5c2f6496cc4173607517d0cdfdf0d743a16011776235965f855
Instruction ID: dd2258d17ee169226f245582cd6731de45232f8b4e0161ca486ff9fcdda9a253
Opcode Fuzzy Hash: 059128890bcef5c2f6496cc4173607517d0cdfdf0d743a16011776235965f855
Instruction Fuzzy Hash: A752C6B400D385CAE270CF26D585B8EBAF1BB92744F608A1DE1ED9B255DBB08045CF93

Function 00CC9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

,A&C, xrefs: 00CC982E
z=Q?, xrefs: 00CC9826
8;, xrefs: 00CC9B13
B?Q9, xrefs: 00CC9B0B
O+f), xrefs: 00CC9634, 00CC963D
pq, xrefs: 00CC99E0
?M0K, xrefs: 00CC9968
;IJK, xrefs: 00CC983E
G'M!, xrefs: 00CC9ADB
!E4G, xrefs: 00CC9836
B7U1, xrefs: 00CC9AFB
T#a-, xrefs: 00CC9AE3
L3Y=, xrefs: 00CC9B03
G+X5, xrefs: 00CC9AF3
2A"_, xrefs: 00CC9980
X/R), xrefs: 00CC9AEB

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: beac5df9bca4ed5ab4563d5d9ba5a50c97072820ade7a79a008b1174f022b34f
Instruction ID: 214d5e9f1ce542d3b582d9944d02bf402b7236450c87f3563a512f5dad428f49
Opcode Fuzzy Hash: beac5df9bca4ed5ab4563d5d9ba5a50c97072820ade7a79a008b1174f022b34f
Instruction Fuzzy Hash: 0BF14EB0508380ABD310DF55D885A2BBBF4FB8AB48F144D1CF5D99B252D334DA08DBA6

Function 00CCDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

<Y.[, xrefs: 00CCE27D
n\+H, xrefs: 00CCDDC0
hX]N, xrefs: 00CCDDC7
)IgK, xrefs: 00CCE261
-M2O, xrefs: 00CCE25A
Y9N;, xrefs: 00CCE245
%*+(, xrefs: 00CCE143
{E, xrefs: 00CCE323
=]+_, xrefs: 00CCE276
upH}, xrefs: 00CCDE8A, 00CCE798, 00CCDF4A
,Q?S, xrefs: 00CCE26F

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 8a7a765ef344b18a2907e9e7fbea1d731e77d747539063dfecc2796fe7fdebe7
Instruction ID: 61b0e2a2d4ef00cde4ee6a57159c31e92bb29dda201f720b5536a17d3dceee3b
Opcode Fuzzy Hash: 8a7a765ef344b18a2907e9e7fbea1d731e77d747539063dfecc2796fe7fdebe7
Instruction Fuzzy Hash: D492C071E00205CFDB14CF69D891BAEBBB2FF4A310F294169E856AB391D735AD01CB91

Function 00CC098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

gce/, xrefs: 00CC1073
qrqp, xrefs: 00CC1089
%*+(, xrefs: 00CC0A77, 00CC0A86
{, xrefs: 00CC1502
cah`, xrefs: 00CC107E
9.5^, xrefs: 00CC0F9F
,#15, xrefs: 00CC0F94
&> &, xrefs: 00CC0F89

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: d6a7d474f8dd864753cbd3242afdb0a64a2163572b2f0e7fbddc90a6508e68e4
Instruction ID: faa184fc0d54b5e6df474d72a169eed86e3eec4b39263da8a90c114edbefb830
Opcode Fuzzy Hash: d6a7d474f8dd864753cbd3242afdb0a64a2163572b2f0e7fbddc90a6508e68e4
Instruction Fuzzy Hash: 2F6286B16083818BD730CF14D891BAFBBE1FF96314F18492DE49A8B682E7759941CB53

Function 00CA1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 00CA1587, 00CA15F8
@, xrefs: 00CA2C40
gfff, xrefs: 00CA2297
gfff, xrefs: 00CA22E1
-, xrefs: 00CA21ED
gfff, xrefs: 00CA2226
0123456789ABCDEFXP, xrefs: 00CA157D, 00CA15EB

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: ab592df250cdce2ad6882c98632d43999a7f7be81fdf382747a51e5627f5a0c7
Instruction ID: c8225966f658b23c57efd04ccdcbec02202fb3813b84da6f6fea3b77a6817e9c
Opcode Fuzzy Hash: ab592df250cdce2ad6882c98632d43999a7f7be81fdf382747a51e5627f5a0c7
Instruction Fuzzy Hash: FED2E6716083528FD714CE29C49436ABBE2AFD6318F188A2DF9A5C7391D734DE45CB82

Function 00E70004 Relevance: 10.4, Strings: 7, Instructions: 1616COMMON

Download Yara Rule

Strings

Fvbv, xrefs: 00E703D7
L2Ux, xrefs: 00E71217
y\7~, xrefs: 00E70435
3l{o, xrefs: 00E7133D
q_w, xrefs: 00E706A1
%>s, xrefs: 00E708FA
3~g, xrefs: 00E70494

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %>s$3l{o$3~g$Fvbv$L2Ux$q_w$y\7~
API String ID: 0-2533399814
Opcode ID: a5e8bdbf8b9367aec589bc8c376e5f298820bd8823773df2315fcb1138f1ebd6
Instruction ID: a1d9233b41d5dff251b702d0cd8351dfdd16f7b926e8baa3806abb7426b00afd
Opcode Fuzzy Hash: a5e8bdbf8b9367aec589bc8c376e5f298820bd8823773df2315fcb1138f1ebd6
Instruction Fuzzy Hash: 97B218F3A086009FE304AE2DEC8567ABBE5EFD4320F16863DEAC4C7744E93558058697

Function 00E75101 Relevance: 9.1, Strings: 6, Instructions: 1615COMMON

Download Yara Rule

Strings

$|w~, xrefs: 00E752B6
f|o, xrefs: 00E75D5E
f f, xrefs: 00E76297
&_c3, xrefs: 00E75929
wfSw, xrefs: 00E75F93
?-Gw, xrefs: 00E75E23

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: $|w~$&_c3$?-Gw$f f$f|o$wfSw
API String ID: 0-1171404069
Opcode ID: 54801e9f6b1813f2ae402d3a50c696388b6238b320c406e5986539f1203ac883
Instruction ID: 9e1add5413d1ee7f7c8524c47721f99ed666250d078741e47ef7f50d2b700be1
Opcode Fuzzy Hash: 54801e9f6b1813f2ae402d3a50c696388b6238b320c406e5986539f1203ac883
Instruction Fuzzy Hash: 10B2E4B360C2049FE304AE2DEC8567ABBE5EFD4720F16853DEAC4C7744EA3598058697

Function 00CA1569 Relevance: 7.9, Strings: 6, Instructions: 433COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 00CA1587
gfff, xrefs: 00CA2297
gfff, xrefs: 00CA22E1
+, xrefs: 00CA21CB
gfff, xrefs: 00CA2226
0123456789ABCDEFXP, xrefs: 00CA157D

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
API String ID: 0-925659942
Opcode ID: b89cf265416b0660f250d7beef4395ba8a602ca3c59c0695f34d034bfa74f229
Instruction ID: a41dc6f767846693e98838ecf212c119b4d7ae7f5338528ff463d118a7903bc9
Opcode Fuzzy Hash: b89cf265416b0660f250d7beef4395ba8a602ca3c59c0695f34d034bfa74f229
Instruction Fuzzy Hash: 46F1F871A087524FC708CE2DC49036ABBE2AFDA308F1CCA6DE5D98B395D634D945CB52

Function 00E6E4F1 Relevance: 7.9, Strings: 5, Instructions: 1662COMMON

Download Yara Rule

Strings

Kqwm, xrefs: 00E6EBBF
R'[w, xrefs: 00E6F29A
{XO[, xrefs: 00E6E60D
1.7, xrefs: 00E6EF4B
6{7, xrefs: 00E6E657

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: 6{7$Kqwm$R'[w${XO[$1.7
API String ID: 0-3795508700
Opcode ID: 607aff3cc8757d7b7e203ab097d9c800775625d3e57ad60fce5e37459003f86e
Instruction ID: ab9eacc63828feaf140fca446219f2aa6597737f4fb65d72efe7c7595e7d85a1
Opcode Fuzzy Hash: 607aff3cc8757d7b7e203ab097d9c800775625d3e57ad60fce5e37459003f86e
Instruction Fuzzy Hash: E3B2F5F3A0C2109FE704AE29EC8567ABBE5EF94320F1A493DEAC4C7744E63558058697

Function 00E76D05 Relevance: 7.7, Strings: 5, Instructions: 1436COMMON

Download Yara Rule

Strings

#n|, xrefs: 00E7759F
:}, xrefs: 00E772ED
ggg, xrefs: 00E76D9A
.Nm, xrefs: 00E76F10
$o}, xrefs: 00E7783E

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: ggg$#n|$.Nm$:}$$o}
API String ID: 0-616819237
Opcode ID: 4995ac934560c34d62a37d5f2073ff791c1e0fb98b140990f72c1d7485cd40c9
Instruction ID: 9b60bdb83f87110294f57cd92d1caa1aea06c40e08152d6f0b6169b314f1b903
Opcode Fuzzy Hash: 4995ac934560c34d62a37d5f2073ff791c1e0fb98b140990f72c1d7485cd40c9
Instruction Fuzzy Hash: 3E9229F360C214AFE7046E2DEC8567ABBE9EF94720F1A893DE6C4C7744E63558018792

Function 00CA12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

0, xrefs: 00CA1DC1
0, xrefs: 00CA1E88
@, xrefs: 00CA3531
i, xrefs: 00CA28EA
0, xrefs: 00CA243E

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: af86137b16e27c4a6bdfb12eb328be639234887fab53e15de104067a6f06bf44
Instruction ID: 302112719ff96703c9bd0d9cdc67080b5ecfbbd601d4051ce868b20bfdefae0f
Opcode Fuzzy Hash: af86137b16e27c4a6bdfb12eb328be639234887fab53e15de104067a6f06bf44
Instruction Fuzzy Hash: B762E471A0D3928FD319CF28C49476ABBE1AFD6308F188E1DE8D987291D774DA45CB42

Function 00E6AF5D Relevance: 6.6, Strings: 4, Instructions: 1596COMMON

Download Yara Rule

Strings

X, xrefs: 00E6BAFD
b}_, xrefs: 00E6B775
pm, xrefs: 00E6C17E
sO, xrefs: 00E6BE26

Memory Dump Source

Source File: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: pm$b}_$sO$X
API String ID: 0-2228632495
Opcode ID: e386eb5522eba1bd180dc4b0b9886039c535f6c31d80ea1b1f3a02ed39586da2
Instruction ID: 5f0873c521519c6bce71257dbc3545825d71208a6e47c1fe6173d6326747e816
Opcode Fuzzy Hash: e386eb5522eba1bd180dc4b0b9886039c535f6c31d80ea1b1f3a02ed39586da2
Instruction Fuzzy Hash: DAB2E6F3A0C210AFE3046E29EC8567AFBE5EF94720F1A492DEAC5C3740E67558418797

Function 00E73A66 Relevance: 6.2, Strings: 4, Instructions: 1220COMMON

Download Yara Rule

Strings

?D>, xrefs: 00E7481E
!+q, xrefs: 00E73F02
0=-, xrefs: 00E73E1F
:$>4, xrefs: 00E740F2

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: :$>4$?D>$!+q$0=-
API String ID: 0-3296461446
Opcode ID: 9e73867cf33a0ec523b1a81e9f69f463c7deb145fac3efccabbf138785082b2a
Instruction ID: a6bad7e9e4d00b12f2e92f999ff404d0e1b9e1506d1f4cab6c1d1ec583b78979
Opcode Fuzzy Hash: 9e73867cf33a0ec523b1a81e9f69f463c7deb145fac3efccabbf138785082b2a
Instruction Fuzzy Hash: 94823AF3A0C2049FE3046E2DEC8577ABBE5EF94720F1A493DE6C4C3744EA3598058696

Function 00CCFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

:, xrefs: 00CD0087
m1s3, xrefs: 00CCFEC3, 00CCFECB
uvw, xrefs: 00CCFE95
NA_I, xrefs: 00CD036D

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: d9e05a2911694dc22bafc82dc3254d9bde41f68d025f9361a1a95f5da15f8f94
Instruction ID: a9bec8a44944561a657768d3aeb5202bca68c8c0b302e436d3b09f8037d80e0a
Opcode Fuzzy Hash: d9e05a2911694dc22bafc82dc3254d9bde41f68d025f9361a1a95f5da15f8f94
Instruction Fuzzy Hash: 8932AAB0508381DFD311DF29D880B2EBBE5AB8A304F284A5DF6D58B3A2D335D915DB52

Function 00CB3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CB3EC4
;z, xrefs: 00CB3C87
ss, xrefs: 00CB3C79
p, xrefs: 00CB3C80

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: e400306e5e5af2d4dc1f9e30f77af1047332b7e70469a71921dbbc9f61f0a68c
Instruction ID: fad83a36833f3842fb67655e2a6eb343460b948667f8520a8d01f23b5e28e778
Opcode Fuzzy Hash: e400306e5e5af2d4dc1f9e30f77af1047332b7e70469a71921dbbc9f61f0a68c
Instruction Fuzzy Hash: 69025CB4810B40DFD760EF25D986756BFF5FB01300F50495DE8AA8B696E370E819CBA2

Function 00CC2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

lc, xrefs: 00CC2507
hu, xrefs: 00CC232F
a|, xrefs: 00CC2317
sj, xrefs: 00CC2327

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: b39c29e22d07b4e9c112a2c0bf70cc725d4dcef21825301b374604227ed6c0ae
Instruction ID: c779aad32f6b579a18be0e350fecd80b5204b95c68ddde9146a99fba262bc5e8
Opcode Fuzzy Hash: b39c29e22d07b4e9c112a2c0bf70cc725d4dcef21825301b374604227ed6c0ae
Instruction Fuzzy Hash: F1A18C744083418BC720DF18C891B2BB7F4FF95754F588A0CE8E59B2A1E739DA45CB96

Function 00CCD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 00CCD98B
KV, xrefs: 00CCD97D
#', xrefs: 00CCD9EA
T>, xrefs: 00CCD984

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: e7a7ac92b7b4ba9a70bfbf5d0bbff6127300ffb79a6ce157730b31369b9de7f0
Instruction ID: 12608842b4dc66102a7e1c972944682ad3c636fc1860113aa744406594215a65
Opcode Fuzzy Hash: e7a7ac92b7b4ba9a70bfbf5d0bbff6127300ffb79a6ce157730b31369b9de7f0
Instruction Fuzzy Hash: A08155B48017459BCB20DFA5D28566EBFB1FF16300F60461CE486ABB55C330AA56CFE2

Function 00CCAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

4c2a, xrefs: 00CCACA9
lk, xrefs: 00CCACBC
(g6e, xrefs: 00CCACA1
,{*y, xrefs: 00CCAD07, 00CCAD13

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 82afe1ae92cdc6747985fb3f8af712475511b44f5666fcd16c1eed6ac0f64c07
Instruction ID: c90f3c91767e8b2e0bbd1aabf98cb5ff283ad14ac967f40ceea880c39d87fecc
Opcode Fuzzy Hash: 82afe1ae92cdc6747985fb3f8af712475511b44f5666fcd16c1eed6ac0f64c07
Instruction Fuzzy Hash: 5D4182B4408381CAD7209F21D804BABB7F0FF86309F54995DE9C997220EB32DA45CB97

Function 00CCC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CCC8C3, 00CCC8CB
~/i!, xrefs: 00CCC537
%*+(, xrefs: 00CCC9E4, 00CCC9ED

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 3de9452b3fac4cfbd315298f7013fd2fd4d92c57552ee345f334f8752109915d
Instruction ID: 75c45ea7419d6e6d2751ef8683456c0522c0dd82673d2cd38840815285a567b2
Opcode Fuzzy Hash: 3de9452b3fac4cfbd315298f7013fd2fd4d92c57552ee345f334f8752109915d
Instruction Fuzzy Hash: 92E183B5518340EFE3209F65D881B2EBBF5FB85344F58882CFA998B291D731D911CB92

Function 00CA8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00CA860C
IEND, xrefs: 00CA89F0
), xrefs: 00CA8616

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: fe387c3e05ab6e9e2cfbf186fda4193a74a863d9bb71802e2dafa368584af99f
Instruction ID: 2cdd39788aaa2b2397283a8bc62289e959e9bf70860787963c10d5a11bf4f86e
Opcode Fuzzy Hash: fe387c3e05ab6e9e2cfbf186fda4193a74a863d9bb71802e2dafa368584af99f
Instruction Fuzzy Hash: B7E1D0B1A083069FE310CF69C88172BBBE0BB96318F14492DF59597381DB75E919CBC2

Function 00E71AD3 Relevance: 4.1, Strings: 2, Instructions: 1629COMMON

Download Yara Rule

Strings

gg?Z, xrefs: 00E71F0B
^m, xrefs: 00E72DC1

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: gg?Z$^m
API String ID: 0-1699428641
Opcode ID: f36562f3d4477f1410e8e2f529b4d77d134f510e995f285a44f2feeb65db3bca
Instruction ID: 685ef60c71cbdbcb6a9dd9c727bbd45ea31923904d4fc1ef904811f9b4289938
Opcode Fuzzy Hash: f36562f3d4477f1410e8e2f529b4d77d134f510e995f285a44f2feeb65db3bca
Instruction Fuzzy Hash: 70B2F5F360C604AFE3046E29EC8577AFBE9EF94720F16893DEAC4C3744E63558058696

Function 00CE4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00CE420C
%*+(, xrefs: 00CE40A4, 00CE40AD

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 170be5a51dd7984b2dee8b21617bb5fe279391b041d8588229780f6194d4e5f8
Instruction ID: 3d4380eef264a56c0400ebb3fa94f6530f78f639a986b3bb7c1aee1280589e68
Opcode Fuzzy Hash: 170be5a51dd7984b2dee8b21617bb5fe279391b041d8588229780f6194d4e5f8
Instruction Fuzzy Hash: 1812AF716083819FC719CF1AC880B2EBBE6FBC9314F148A2DF5A58B291D735D945CB92

Function 00CDF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 00CDF6E6
dg, xrefs: 00CDF7F5

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 190acb974c69c10a3b530141e193234efa3f8c73b4227f3a55683d8c4825ed69
Instruction ID: 90ba8807d0d19eb28a32e814339fd52b006158b8c02cbbc227f3b8d5235fe712
Opcode Fuzzy Hash: 190acb974c69c10a3b530141e193234efa3f8c73b4227f3a55683d8c4825ed69
Instruction Fuzzy Hash: 77F19471628341EFE304CF64C891B2EBBE6FB86344F14992DF1968B2A1C734D946CB12

Function 00CA35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

Inf, xrefs: 00CA3607
NaN, xrefs: 00CA360E

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 1d4e06b265bcf99a56f29bd751c413f761b93621a4a7b64200acdd656e3c29be
Instruction ID: cbf811d22772f13f72a2abcd15f67ba653544430c48a33642f5fb57768546552
Opcode Fuzzy Hash: 1d4e06b265bcf99a56f29bd751c413f761b93621a4a7b64200acdd656e3c29be
Instruction Fuzzy Hash: 81D1F671B083529BC704CF69C89061FB7E1FBC9754F14892DF9A9973A0E675DE048B82

Function 00E7856F Relevance: 2.8, Strings: 1, Instructions: 1552COMMON

Download Yara Rule

Strings

!Y>, xrefs: 00E79034

Memory Dump Source

Source File: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: !Y>
API String ID: 0-3100169751
Opcode ID: 3380324c40054baa90b96d801110ec4a059c7b9daa617d1c9b75c94191da417b
Instruction ID: 4e80c68617c33b37a00bdd4abe5a79a02fb8ca09e003f512c48cc03e8950835d
Opcode Fuzzy Hash: 3380324c40054baa90b96d801110ec4a059c7b9daa617d1c9b75c94191da417b
Instruction Fuzzy Hash: A4A2D4F3A0C2049FE314AE2DEC8577AB7E9EF94320F1A493DEAC483744E63558158697

Function 00CBFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00CC0197
Ye[g, xrefs: 00CC00F6

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 573bd1b3f189ce409809b2c9b4bc7ca1a14d0794b839c7c9681637a3756e1877
Instruction ID: bb5ef43de9c6193b83558742ec25a7ed0349cde82adc451c43df88f97089a849
Opcode Fuzzy Hash: 573bd1b3f189ce409809b2c9b4bc7ca1a14d0794b839c7c9681637a3756e1877
Instruction Fuzzy Hash: 3951A9B1608381CBD731CF14C885BABB7E0FF96324F29491DE49A8B651E3749A80CB57

Function 00CA5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00CA54C8

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: de13e8e906ae5fb078ce712038ed3746e341a38f2c9b6955c866119f06b80859
Instruction ID: ecde022e0cc6cf7772338b729010807c698b662b9a42cba0b85a53a375547e6b
Opcode Fuzzy Hash: de13e8e906ae5fb078ce712038ed3746e341a38f2c9b6955c866119f06b80859
Instruction Fuzzy Hash: D022F4B6A08B43CBE7158E19D44032ABBA2AFE230CF1DC56DE8698B391E775DD44C741

Function 00CD12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00CD15D1

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 017cea807f020ef2cdbfb6f749e52e0d17e82abb8f26c98358f7c3c6dcfded26
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 3DF13571A083416FC724CE25C49062BBBE6AFC1354F1DC56EEDAA87382D634DE05D792

Function 00CCAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CCB2D3, 00CCB2DB

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 1b62a51c11facd065ce37ecd4c7f8ef04cdc136e179b2c9601e040372a3ab7ce
Instruction ID: 20e4b6f57ce9550bc5e81e81e3ed6b947ce4b71da07172c33a10390da774d8f2
Opcode Fuzzy Hash: 1b62a51c11facd065ce37ecd4c7f8ef04cdc136e179b2c9601e040372a3ab7ce
Instruction Fuzzy Hash: 2EE1AA71508346CBC314DF69C890A6EB7E2FF98781F58891CE8D587220E735EE59CB82

Function 00CB6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CB6EF3

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c95c2a627d66c8f6b4512bcfc10cfaae23145a4abf1ac8a09d9d74f787f73e37
Instruction ID: f871dbf7f058040a760fe332f7f250f3f3afca2a1dce80749cabae4067f074b3
Opcode Fuzzy Hash: c95c2a627d66c8f6b4512bcfc10cfaae23145a4abf1ac8a09d9d74f787f73e37
Instruction Fuzzy Hash: E9F19DB5A00A01CFC724DF24D881A6AB7F6FF49314F248A2DE49787A91EB34F915DB41

Function 00CC7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CC8263, 00CC826B

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 562d2bcdcae607455bff459f0914eb917a964e92c2cba4119c0106c6021ac910
Instruction ID: f66b779f9852def7273098c4c1ccdc9e4ac73550136dd4e0e451a6c6169c07f6
Opcode Fuzzy Hash: 562d2bcdcae607455bff459f0914eb917a964e92c2cba4119c0106c6021ac910
Instruction Fuzzy Hash: 9EC1BD71908200ABD710AB14C882F2FB7F5EF96754F48891CF8D58B251E734ED19DBA2

Function 00CC8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CC9233, 00CC923B

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8f2a2f5a50d62d25357602746fad48b91cc93fc76ce4bc094a900c7ff8eab9bf
Instruction ID: f6ce4149b9d3c9531ae045a0b28ab7f6662aab5bedbf25a7721ed9d72f4388e7
Opcode Fuzzy Hash: 8f2a2f5a50d62d25357602746fad48b91cc93fc76ce4bc094a900c7ff8eab9bf
Instruction Fuzzy Hash: 72D1BB70618302DFD704DF68DC90B2AB7E5FF88704F69886CE98687292DB34E955CB52

Function 00CE7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00CE8167

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 61078f515e878138d8f9956c7a64c2a25d6880e3d113b4ed27df26b3a5f4460d
Instruction ID: 7dc169e6c9e26907c7be80d783cacc89828b53c56ee59ae9138a184faaef25bb
Opcode Fuzzy Hash: 61078f515e878138d8f9956c7a64c2a25d6880e3d113b4ed27df26b3a5f4460d
Instruction Fuzzy Hash: 22D1F6729083A14FC725CE19D89072EB7E1EB84718F15862CE9B9AB390CB75DD4AC7C1

Function 00CCCCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CCCDC3, 00CCCDCB

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 3f0cea6ea2f486bf10923531d96ad531ac741fec850a4cf5af6898d9cf70e3ba
Instruction ID: a5303242bc427575482dc29fd029cd0dc6225e1e1eb8c65911213ab298a93796
Opcode Fuzzy Hash: 3f0cea6ea2f486bf10923531d96ad531ac741fec850a4cf5af6898d9cf70e3ba
Instruction Fuzzy Hash: 32B1E070A083019BD714DF58D880B3BBBE2EF86344F18492CE5DA8B351E335E956DB92

Function 00CAA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00CAA9C3

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 1782bc64eeff3cb0aadaef5dfbdee1efe5e96341a82c9511799f695a28cc8814
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: CBB12A711083819FD325CF28C88061BBBE1AFAA708F444A2DF5D997342D671EA18CB67

Function 00E134D4 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

XIoW, xrefs: 00E134FA

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: XIoW
API String ID: 0-1205665057
Opcode ID: 3ebf15145fc39677153bb664cb40e1932868e89599373dd1849a48dd528f32ac
Instruction ID: 0929ccd3fe627859d343cba4c815ceec5dce275fcab79d52e02d715571fc2145
Opcode Fuzzy Hash: 3ebf15145fc39677153bb664cb40e1932868e89599373dd1849a48dd528f32ac
Instruction Fuzzy Hash: 1F8155F3E192245FE3045E2DDC8477AB7D9EBD4720F2A863DEA9897380D9394C048686

Function 00CDFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CDFCA4, 00CDFCAD

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 35d9817baa7d50d6f27844fd7d6873c07f95cded1b77ab352bccc700e39d9df0
Instruction ID: 804f89a0b8be53b75fb951c566afae3c9c255f5efdbbaa18133f4e6b2597a0fe
Opcode Fuzzy Hash: 35d9817baa7d50d6f27844fd7d6873c07f95cded1b77ab352bccc700e39d9df0
Instruction Fuzzy Hash: 9181ED71528340EBD710EF69D884B2EB7E6FB89701F14882DF2C687291D730E916DB62

Function 00CBD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CBD663, 00CBD66B

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ada9c263445dc5e1645739ff71d46a988065275e22fec20d947322e009078fc1
Instruction ID: 616f6fc12538b65c523b54c0452286df22ce215a0e497cb097fe1255053b0c4d
Opcode Fuzzy Hash: ada9c263445dc5e1645739ff71d46a988065275e22fec20d947322e009078fc1
Instruction Fuzzy Hash: 4361D1B1908205DBD720AF58DC82B7A73B0FF95354F184928F98687252F331EA14D792

Function 00CE4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CE4C33, 00CE4C3B

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f34865c94689476d2dce9b0bd0d27438f4d6276ed50bfae786f77005e1b0d198
Instruction ID: 4ce3797346fb3c491b23c58ae2d6030325f34ad7ec455eeae3043dd9edfb6428
Opcode Fuzzy Hash: f34865c94689476d2dce9b0bd0d27438f4d6276ed50bfae786f77005e1b0d198
Instruction Fuzzy Hash: F1610271A083819FD718DF27C880B2ABBE6EBC4314F28891CE6D987291D771ED51DB52

Function 00E08A40 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

c, xrefs: 00E08A76

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: c
API String ID: 0-112844655
Opcode ID: 2e23f320cf3923ed45de4ae84c4c05e5288e8e59b5f032a54b7cfd9cf5f28aca
Instruction ID: 916ee1505feb92562d9da86cc2b118bf865ddf1b6addfb282f72c75ce11bdf31
Opcode Fuzzy Hash: 2e23f320cf3923ed45de4ae84c4c05e5288e8e59b5f032a54b7cfd9cf5f28aca
Instruction Fuzzy Hash: 3261C5F3D082109BE304AA19DC8576AFBE5EF94720F1B893DEAC893750D6359C418B97

Function 00D1A06E Relevance: 1.5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

Strings

D\\|, xrefs: 00D1A23B

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: D\\|
API String ID: 0-522840301
Opcode ID: 1a15566621ac06d927219af3030f9c9f9388efab93d28cd5ea252a519738f0f7
Instruction ID: 6a36486fb245e6086403fdfe72af2fc74e9628c347dbe0f6eb6411e64aa3ccff
Opcode Fuzzy Hash: 1a15566621ac06d927219af3030f9c9f9388efab93d28cd5ea252a519738f0f7
Instruction Fuzzy Hash: F85128B3B081104BE708AA3DDD5977AB7D6DFD8720F2B863DDA89C7784D9385C058282

Function 00D43FFB Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

)</, xrefs: 00D4405D

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: )</
API String ID: 0-1326753077
Opcode ID: 4e39398da9398a22c96aa9a01fdc1426802e80b24f845a3c12c488db303d1e20
Instruction ID: eda1ac2ea9dedafbcbdf81cddf5dbda515faf0e6abdcfcbf02f9cf3b0052db26
Opcode Fuzzy Hash: 4e39398da9398a22c96aa9a01fdc1426802e80b24f845a3c12c488db303d1e20
Instruction Fuzzy Hash: D45103F3A083105FE7047A69EC8576AB6D5EF84320F1B463DDBC897784E97A48418686

Function 00CAE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00CAE333

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 42521710c711c57051ead8071639dfe9e524edcb5d4a26002fab6184c7e420ef
Instruction ID: acc36cc4c333dfa24582b3351f0781b60fbb93f7aaab6041a522341d5398a524
Opcode Fuzzy Hash: 42521710c711c57051ead8071639dfe9e524edcb5d4a26002fab6184c7e420ef
Instruction Fuzzy Hash: 72512633A1A6D24BD728893D4C953AA7A870BE3338B3DC769E9F18B3F5D555880183D0

Function 00CE3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CE39E3, 00CE39EB

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 16b1909119a0979d75d6530a8f1db938790144e7c8a9be7d6198b1d6951e607f
Instruction ID: 484d144e311592c739e0304b9aa943734a0ba28d372d86d6c3b4ce5752d0e559
Opcode Fuzzy Hash: 16b1909119a0979d75d6530a8f1db938790144e7c8a9be7d6198b1d6951e607f
Instruction Fuzzy Hash: 1D51B1306182C09BC724EF56D888B2EBBE5FF85704F14882CE5D587252C731EE50EB62

Function 00CB1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00CB1C3E

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: b4f8f11c6c6267bc26b99c45f67c66e42615b9551760d68b9a3106c1ebfcafe2
Instruction ID: 223c701e880a991fb095488ac98786558a3f5b8580256efac19b6665c06dca2b
Opcode Fuzzy Hash: b4f8f11c6c6267bc26b99c45f67c66e42615b9551760d68b9a3106c1ebfcafe2
Instruction Fuzzy Hash: 624152B40083809BC7149F64C8A4A6FBBF0BF86314F48891CF9D59B2A1D736CA05CB57

Function 00E33819 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

FiOw, xrefs: 00E338E5

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: FiOw
API String ID: 0-1639816967
Opcode ID: 084fd05e15bb7474c592f75909ebeff0b60cc1960c2c780ddc9bae368dc2e378
Instruction ID: dbfbbbbc94364e02a4022ca909ff0a679cc251503304eac63fadaf1b6c9476a5
Opcode Fuzzy Hash: 084fd05e15bb7474c592f75909ebeff0b60cc1960c2c780ddc9bae368dc2e378
Instruction Fuzzy Hash: E33126F7E0922897F3142929EC997B6B78ADB94320F5B023DDB8993780ED7918004296

Function 00CDFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CE0033, 00CE003B

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 4e0ebf6e7ba5ea7b6a7ebb8ee32598d36c0b97d492df459069989728024f034a
Instruction ID: b9c8266fadfde964f61b7a93624a32b1e3a3e7058aabde0d5faa0942915f28c9
Opcode Fuzzy Hash: 4e0ebf6e7ba5ea7b6a7ebb8ee32598d36c0b97d492df459069989728024f034a
Instruction Fuzzy Hash: 213128B1A04381ABD610EB56DC81F3BB7E9EB81744F644828F98587252E371DD50CBA3

Function 00CCE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00CCE6A2

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 3c93f09a74dd7df870b63266bfcf4bd182e06b9fcab980e4303da05037f4b26b
Instruction ID: ae7aa13b10c208103ed203d41a71190b1ae545d797aa08d1309b545cc413bac3
Opcode Fuzzy Hash: 3c93f09a74dd7df870b63266bfcf4bd182e06b9fcab980e4303da05037f4b26b
Instruction Fuzzy Hash: 7531B1B5A00245CFC720DF95E880BBEB7B4BB56304F18045CE846A7201C335AA04DBA2

Function 00CB6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00CB703B

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 984722f6d77dc9d2c66ca8981fb3130c21b9bf8ee1c3d6966f0793fefcf39e62
Instruction ID: 1bfd4ddb8801c3c916ab8670812e3a23a2a1451ee4545e12ac427e1dfd5ad13b
Opcode Fuzzy Hash: 984722f6d77dc9d2c66ca8981fb3130c21b9bf8ee1c3d6966f0793fefcf39e62
Instruction Fuzzy Hash: EF418771614B04DBD7349F61D990F26BBF2FB48300F24891DEA868BAA1E331F800CB10

Function 00CCE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00CCE6A2

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: f35841d006c3f8f0984110e7223265872877ab5c7935595f27240143c142d363
Instruction ID: 6ae10a0c232dbc2cd939a4e72b4acab3b3741bc40c8c4f3afe64efdb719f36ec
Opcode Fuzzy Hash: f35841d006c3f8f0984110e7223265872877ab5c7935595f27240143c142d363
Instruction Fuzzy Hash: 76218BB1A10245CFC7209F95D980B7FBBB5BB1A744F18081CE846AB241C335AE01DBA2

Function 00CE9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00CE9D30

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 2a46362053bedcc6c5ebbd3b1c6826a7988e2dcde987fcfa6a38c9bed605e760
Instruction ID: ba13a281d70d2cbb47560577a78b8e59a3d406d9934981b5b4a49aa8826f7975
Opcode Fuzzy Hash: 2a46362053bedcc6c5ebbd3b1c6826a7988e2dcde987fcfa6a38c9bed605e760
Instruction Fuzzy Hash: D73176709083809BD310EF16D880A2AFBF9EF9A314F14892CE6C897251D335DA04CBA6

Function 00CB4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4211613b7f6aa7f6ca4acea6c874818d7ce7a1e458b759b75e76ac6f336d6d00
Instruction ID: 5bbb20955d6f89dd39ffc3028761485f01ed7bc39a6d77c8fd64ce5762bdaf73
Opcode Fuzzy Hash: 4211613b7f6aa7f6ca4acea6c874818d7ce7a1e458b759b75e76ac6f336d6d00
Instruction Fuzzy Hash: 836258B0600B408FD735DF24D890B67B7F6AF4A704F54892CD49A8BA92E771F909CB91

Function 00CABEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b0121574c2a50d09a457d15dd03c778926b46b2bcaa37816168aae89e1a027
Instruction ID: 3d7af8cb3ca92e614045780662b5bb3b2a36545d2e3e7723022465273f5bc861
Opcode Fuzzy Hash: b5b0121574c2a50d09a457d15dd03c778926b46b2bcaa37816168aae89e1a027
Instruction Fuzzy Hash: 57520931A087128BC725DF18D4C02BAB3E1FFDA31DF294A2DD9D697290D734A951CB86

Function 00CE8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba5de4c1107ec8209f3c379febe405b639997de0eb73e8e36fea37817be0806f
Instruction ID: 7fb55ed98cf91a7a7d97f26db378398f5fcfc3c9b58a7d5ddf743d0e9df0c344
Opcode Fuzzy Hash: ba5de4c1107ec8209f3c379febe405b639997de0eb73e8e36fea37817be0806f
Instruction Fuzzy Hash: 4B229935608381CFC708DF69E89072EBBF1FB8A315F0A896DE58987261D735E954CB42

Function 00CE86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf0ba6712f3da29b312e888b7fc1b03789dfbde98532f30f1e92161865ad733
Instruction ID: a64e01b2f0e541ca9f8f76d07465f4382778513df988c6447772d43a9e001bf4
Opcode Fuzzy Hash: 1bf0ba6712f3da29b312e888b7fc1b03789dfbde98532f30f1e92161865ad733
Instruction Fuzzy Hash: 0F229835608380DFC708DF69E89072EBBF1EB8A305F1A896DE58987361C735E954CB42

Function 00CAB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef85947ce27c22a7c9d3069ef0f5f12f32810a27feae03c44e1e90a2f95cc214
Instruction ID: 8f1ed7ae7a7de5e2c30b50cdf1d7d38cac29d68ff500bb4008c901febe369c3b
Opcode Fuzzy Hash: ef85947ce27c22a7c9d3069ef0f5f12f32810a27feae03c44e1e90a2f95cc214
Instruction Fuzzy Hash: C0528270908B868FE735CB24C4847A7BBE2AF92318F14492EC5E746B83C779AD85C751

Function 00CA71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aafbe81223191cf40d2132615aca54f66722a05497e41e22d8ef8f2c73ccb44
Instruction ID: edd9ef52a0858afdd637d2710cd2b428906f9f47c646742314bea3b1be513ac7
Opcode Fuzzy Hash: 6aafbe81223191cf40d2132615aca54f66722a05497e41e22d8ef8f2c73ccb44
Instruction Fuzzy Hash: 1152D33150C3468FCB15CF29C4906AABBE1FF8A318F198A6DF89997352D734D949CB81

Function 00CA8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5595bc291d975f3009a9b6ce758937bf1cb0b6728ecfb24e568678dd888752c6
Instruction ID: 96fa064167ffad59703355525ccb69c94a51308c0da364a77df1b7ef4a6c54cf
Opcode Fuzzy Hash: 5595bc291d975f3009a9b6ce758937bf1cb0b6728ecfb24e568678dd888752c6
Instruction Fuzzy Hash: CA427475608342DFD708CF28D89176ABBE1FB89358F09886CE4858B3A1D335D985CF82

Function 00CA7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e569d3976396c844bf47a3edc21e09852d9009096f954e42dd92bcf2ef884cd
Instruction ID: 5f0eea82fa6226445c23c42b7fc4b7e4447edc8bf65d6e0e120c08ec2b5370bf
Opcode Fuzzy Hash: 3e569d3976396c844bf47a3edc21e09852d9009096f954e42dd92bcf2ef884cd
Instruction Fuzzy Hash: CD322370914B128FC368CF29C99056ABBF1BF46718B604A2ED6A787F90D736F945CB10

Function 00CE89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fb472ac59dffc0e02dc5cd2afed518a3eac591743ccd1ec75c13b76be2c600f
Instruction ID: cceff39ed1ef102bc56dcbdb42cba6fe82590828773ffd87562fea109de1e414
Opcode Fuzzy Hash: 6fb472ac59dffc0e02dc5cd2afed518a3eac591743ccd1ec75c13b76be2c600f
Instruction Fuzzy Hash: F0029A35608281DFC708DF69E88062EBBF1EF8A315F09896DE5C987361C336D954CB92

Function 00CE8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637f225cfc3800e31c13d8bf5fb65c2cb8a1b99ac12794cd8a2640cd9820154c
Instruction ID: 0e82ff64ac6f06db77078e021c113a60cd3fcff80cdd2cde6160e9250d349525
Opcode Fuzzy Hash: 637f225cfc3800e31c13d8bf5fb65c2cb8a1b99ac12794cd8a2640cd9820154c
Instruction Fuzzy Hash: C7F1883560C381DFC708DF69E88062EFBE1EB8A305F09896DE5D987261D736D914CB92

Function 00CE8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0c3d2da57207da30152d589a1385a4f3b01e75e0bf93828de5df7b0a569383
Instruction ID: 3bdc53c5349a67bbff76a359ab49779afb06f193b59c8cee3481295ce4bc7a1f
Opcode Fuzzy Hash: 4c0c3d2da57207da30152d589a1385a4f3b01e75e0bf93828de5df7b0a569383
Instruction Fuzzy Hash: CAE1AE35608281CFC708DF29D88072EF7E2EB89315F09896DE5D987361D736E914CB92

Function 00CAA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 1738197090a6def6382cfd1816172358f1f363bb40d631516c3b06a70f55632c
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 2BF1BC766087428FC724CF29C88166BFBE2AFD9304F08882DE4D587791E739E945CB56

Function 00CE8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ee0f2f6c4dd4343c9a8a35e675c60313fc01b813c482eed28c77ef205f3a18
Instruction ID: 5af93a29eab9a3bc35df89fb4a2f562470dcd7ce4eac0041bc71156551dd1a48
Opcode Fuzzy Hash: 69ee0f2f6c4dd4343c9a8a35e675c60313fc01b813c482eed28c77ef205f3a18
Instruction Fuzzy Hash: 5DD1BA3460C280DFD708EF29D88062EFBF5EB8A305F09896DE5D587261D736D914CB92

Function 00CB4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d284a82a469e5d7c3c12c99bb742ca47dacf003b01b9a80e1dc24923f4a657a
Instruction ID: 0d82acbd21be8300bf2c8091be65a5303a4fca891ad8171fc237ff1712aa160c
Opcode Fuzzy Hash: 5d284a82a469e5d7c3c12c99bb742ca47dacf003b01b9a80e1dc24923f4a657a
Instruction Fuzzy Hash: CFE10EB5601B408FD325CF28D992B97BBE1FF06708F04886CE4AACB652E735B815CB54

Function 00CE6CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50291b67997afe69ffb13db9f83818bea5155b2330ea8fa4d0b69bbd75ff9147
Instruction ID: 353ba22a5707c77c99221b910505bc268e08e09d464d1a95c5a3dd45e7710c6f
Opcode Fuzzy Hash: 50291b67997afe69ffb13db9f83818bea5155b2330ea8fa4d0b69bbd75ff9147
Instruction Fuzzy Hash: 86D10236618395DFC714CF78D88072EBBE1AB89354F0A8A6DE991C7391D730DA44CB92

Function 00CE7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ac21ddeed6fab8896e9eb6a292ed8cce72ee6fa77752fa4f4be177ce3a589e
Instruction ID: 2efa7ebc58b13c79ea7b7e9c8e6a6a3643a3602c257da3fe71b5d53ef94f2b22
Opcode Fuzzy Hash: d1ac21ddeed6fab8896e9eb6a292ed8cce72ee6fa77752fa4f4be177ce3a589e
Instruction Fuzzy Hash: 79B12472A0C3904FE324DA6ACC4576BB7E9EBC5314F084A2DE99997381E735DD048792

Function 00CAAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: 1ea561b9160d55915214e7b41da7c5978ad615c3358fea102f5247160cf06dc1
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 43C18EB2A087428FC370CF68DC967ABB7E1BF85318F08492DD1D9C6242E778A555CB46

Function 00CB6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12db074b413d5f27db80f7930c6eef74c6e7f2601567fb217521998f7d83d08
Instruction ID: 778d502a12b7477ae4173d1793f6495266e8e852ca1ec4c8ca1b3973484f8812
Opcode Fuzzy Hash: c12db074b413d5f27db80f7930c6eef74c6e7f2601567fb217521998f7d83d08
Instruction Fuzzy Hash: D8B1F2B4500B408FD325CF24D981B67BBF1AF46704F14885DE8AA8BB92E775F805CB65

Function 00CE7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cf32637bb90721d08ae94a2fb5e2cb478353c8c0e7e1bdc0f0d16ae832079296
Instruction ID: a2c1ac48bc97d6841f0d6140e23257c4d733f83c2912318c9715d64fd7f9231f
Opcode Fuzzy Hash: cf32637bb90721d08ae94a2fb5e2cb478353c8c0e7e1bdc0f0d16ae832079296
Instruction Fuzzy Hash: A391C071A0C381ABE720DB16DC44B6FB7E5EB85350F544A2CF59497392E730E940DB92

Function 00CEA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e5e84a612d8e57879d1273e7f446d16a2899e2a918bc43c5918fea4d17a3b9
Instruction ID: 883095c63833590b9a6239c7b75e987bea9521ca39420e66e1a3093d9f81b3c5
Opcode Fuzzy Hash: a1e5e84a612d8e57879d1273e7f446d16a2899e2a918bc43c5918fea4d17a3b9
Instruction Fuzzy Hash: 05819D342087818FD724DF2AC880A2EB7F5EF89740F55896CE5968B261E731ED11CB92

Function 00CD64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6adea76c22b80819cab4bab325cf43c520ac29cfa1f12fd725651096d148cc6c
Instruction ID: 25d952b1cc7ee557b90b075f72e1d486ea60dcbea33080d410762b66acc4a2b8
Opcode Fuzzy Hash: 6adea76c22b80819cab4bab325cf43c520ac29cfa1f12fd725651096d148cc6c
Instruction Fuzzy Hash: 8571E933B29A904BC3149D7D5C81395AA434BD6334B3EC37AEAB5CB3E5D52989068340

Function 00CC28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54facbf34d45f2426ad4176ee4160808c7aabaf987566c2dc9c61e182fc99de
Instruction ID: 14cdedf9a5f2cf93668cad217690467b2cc1b3d0dceb776b4b8039efb2078fa8
Opcode Fuzzy Hash: b54facbf34d45f2426ad4176ee4160808c7aabaf987566c2dc9c61e182fc99de
Instruction Fuzzy Hash: 0E6176B45083408BD310AF19D891B2ABBF0EFA2754F18491CF8D58B262E339D910DB67

Function 00CC7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a3390aca8579f569b4eb0ce2e843048393768e9ba2187444c11f5d2a179b3d6
Instruction ID: c7364676bf6c2364229ed862f6af769cd228fb7859214aa89ab6ddbd76953b80
Opcode Fuzzy Hash: 2a3390aca8579f569b4eb0ce2e843048393768e9ba2187444c11f5d2a179b3d6
Instruction Fuzzy Hash: 7E51BDB1608205ABDB209B64CC86F7733B4EF85368F144A5CF9968B291F375DD41CB62

Function 00E017EB Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a7b55c3ff35abdffa89556d13861fb49955c01dd959520472e6240a6de9581c
Instruction ID: e06bc4c8713649b28f3fcdd150b01d5250959011b20996eb9def65fa2e28ad04
Opcode Fuzzy Hash: 5a7b55c3ff35abdffa89556d13861fb49955c01dd959520472e6240a6de9581c
Instruction Fuzzy Hash: 1971F5F3A086109FE7056A1DEC8077AFBE6EFD8720F16863DDAC493744EA7558008686

Function 00CD1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 1a2f80bf24b83bea90e44d3b3f743a66e5609b10001aea032db2b16658c9c2fa
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 4261D131609351BBD714CE69C58032EBBE2ABC5350F6DC82FEA998B351D270DE81A741

Function 00CD82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2446f21ed4dc015b58b94d0739a6aadbc830f48cbdf09d76b2202259374fa4d
Instruction ID: b90bafbdd27755e33a21593515a5fb6760e71913d53f2cb154e8bb0c92d766fb
Opcode Fuzzy Hash: f2446f21ed4dc015b58b94d0739a6aadbc830f48cbdf09d76b2202259374fa4d
Instruction Fuzzy Hash: 5F614B33B5AA904BD314453E5C953AA6A831BD2730F3EC36BDAF58B3F5DD69480A4341

Function 00E3E1CD Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8c990b453b74245e7104bfd73764f08849df9c2b3aa08a5ab5983109a7755bf
Instruction ID: 44f7588f6a2a3b47e2342bbdca43c75406637996a22dbb9d8cb2a15b9454cc42
Opcode Fuzzy Hash: c8c990b453b74245e7104bfd73764f08849df9c2b3aa08a5ab5983109a7755bf
Instruction Fuzzy Hash: F061AEF39082109FE3086F29DC8477AB7E5EF94720F16493EDAC593740EA7568448B87

Function 00CB42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98942c4217c3406164e867a5813b642b7b8f2ac143509b73938da291406c3c5d
Instruction ID: 407e1e5dae7bcf3005d23b2e564bde9c28e1222919bc19f137588572969dede2
Opcode Fuzzy Hash: 98942c4217c3406164e867a5813b642b7b8f2ac143509b73938da291406c3c5d
Instruction Fuzzy Hash: 7081DFB4C10B40AFD360EF39D947797BEF4AB06201F404A1DE4EA96695E7306419DBE3

Function 00E5F9CC Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f84f978d43be8789740c2a0b7c396c33b22585df61baed1a39b50c20a2eb83e
Instruction ID: f21cd940a96b311afed6155ec816f546392288401b99deecf1a285fe3f807f7a
Opcode Fuzzy Hash: 2f84f978d43be8789740c2a0b7c396c33b22585df61baed1a39b50c20a2eb83e
Instruction Fuzzy Hash: 74719CB3F112254BF3584D78CC683627693EB95314F2E827C8A99AB7C4CD7EAC095384

Function 00D3A2F2 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 607dd7558b4b9c559ff1a39ab78901a56deba5a06ce2a65ccd675232376f1d58
Instruction ID: f27595d35e81ef26089ab28b46f0ea69f2720c79f7026a3e9b5574ab29b0378a
Opcode Fuzzy Hash: 607dd7558b4b9c559ff1a39ab78901a56deba5a06ce2a65ccd675232376f1d58
Instruction Fuzzy Hash: 28512BF3E092149BF3042D29DD5436ABBA6DBD0320F2F453DDA8C57784DA3E58458686

Function 00CDE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: bd0c2ddfca6d249fda9ded1ba5fb748fcd70651dfd56d00e4477302ad48b6d85
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 1C515CB16087548FE314DF69D49435BBBE1BB85318F044E2EE5E987390E379DA088F82

Function 00E17836 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e99dd5908f0ce728f93d8378a4b5a1874eeef8713b2a6ae10dff53411230b38
Instruction ID: 87e9524d7e58911d5fcbc2ec6a5aa8ca600b7e3260c8a06e95b51d5b7fc2198a
Opcode Fuzzy Hash: 6e99dd5908f0ce728f93d8378a4b5a1874eeef8713b2a6ae10dff53411230b38
Instruction Fuzzy Hash: 985126F3A186185BE3106A2DEC44776BBD9EB94320F2B463DDE98D7740ED3A5C0582D2

Function 00CE7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38443fb632d7f071f98b4304fbc9c37088156d4a03383462cd5c01b1ce2b2bdf
Instruction ID: 968265e94119119faa44287c7e92cfa114e1909c3cad2c499ba8353c471a46b2
Opcode Fuzzy Hash: 38443fb632d7f071f98b4304fbc9c37088156d4a03383462cd5c01b1ce2b2bdf
Instruction Fuzzy Hash: FF51E73160C6409BC7159E1ADC90B3EB7E6FB85358F284A2CF5E557391D631AC11C752

Function 00DBCB92 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0fc8765320905a0342de2eee33ceb951d82799fcf45f3f76170bfdd79aa79a
Instruction ID: 157b705b5954d1c47fd5bd0aa49d492087c84bd9ea5bd6af2b36f5fd22360fbe
Opcode Fuzzy Hash: 4b0fc8765320905a0342de2eee33ceb951d82799fcf45f3f76170bfdd79aa79a
Instruction Fuzzy Hash: 9D5138B3A0831C8BE3146E6EEC4872BBBD9D7D4320F5A863DAE8453784FD355C098685

Function 00CA5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7633491e3c30f6be276c451980cf68a02056007609e125db502d9ade8c467712
Instruction ID: 1e5a626f39148fc6c5de4813f41831e8751bb39fece21cbfaf654f92837ff7d5
Opcode Fuzzy Hash: 7633491e3c30f6be276c451980cf68a02056007609e125db502d9ade8c467712
Instruction Fuzzy Hash: 9551D6B5A047069FC714DF14D890926B7A1FF8A32CF15866CF8A68B352D731ED42CB92

Function 00CCEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afc793bcef563f448676b68780376eb42518c06e821662570d2fd1584e351f23
Instruction ID: 284a4f01d40c347224df263f184f7466205bf80f6ff22a6d432de9b20b97cfc1
Opcode Fuzzy Hash: afc793bcef563f448676b68780376eb42518c06e821662570d2fd1584e351f23
Instruction Fuzzy Hash: 6E41AEB8A00315DBDF208F94DC91BBDB7B0FF0A300F144548E955AB3A0EB39AA51DB91

Function 00CE9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c33e2e5e1dbacff480e75283e8a31cbac8ee80376eb2be5a6c63a8868e4692b
Instruction ID: f73e2c2f5ed6b23f3c0465e70f4a258ed6b805917b6815a479fcb04a607e20ff
Opcode Fuzzy Hash: 2c33e2e5e1dbacff480e75283e8a31cbac8ee80376eb2be5a6c63a8868e4692b
Instruction Fuzzy Hash: 7941B174608380AFD710EB16D990B2FBBF6EB85714F24882CF69A97251D331ED01CB62

Function 00CB2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb004a37569aa88b83ef4ffc3a963d09fec2f77f3cf3720edc3d5c4cc0d2d91
Instruction ID: 5824349c1c8d3178d656d1b78758ba26fc0731143bb0f6b473bd17865773ea09
Opcode Fuzzy Hash: ffb004a37569aa88b83ef4ffc3a963d09fec2f77f3cf3720edc3d5c4cc0d2d91
Instruction Fuzzy Hash: 4141F732A083654FD35CCE2A949427ABBE2ABC5300F09862EE4E68B3D4DA748945D781

Function 00CB1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97f4c745ac830f96e72800c091b11ecfc272428c4c15c249b9ffdb3a50da45e
Instruction ID: f8cca955c3d2e0ffc5b8256e63ea82c16e7a1d17bf8d787a8f6f7e0633687e2f
Opcode Fuzzy Hash: e97f4c745ac830f96e72800c091b11ecfc272428c4c15c249b9ffdb3a50da45e
Instruction Fuzzy Hash: 6241F1745083809BD320AB59C894B2EFBF5FB86345F184D1CFAC497292C376E815CB66

Function 00CE8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da2521846a1ec41838c47660dc0cdf8926439ef7cebbddd0f1decd40d1818b2
Instruction ID: 5701e7ad2b5a6f032e22a1a01c7b4b1f7c74256061299a1f0f0fae41375d8019
Opcode Fuzzy Hash: 1da2521846a1ec41838c47660dc0cdf8926439ef7cebbddd0f1decd40d1818b2
Instruction Fuzzy Hash: 8041053160C3958FC304DF69C89052EFBE6AF99300F198A1DD4D9D72A1CB75DE058B82

Function 00CBD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cecb1a47ab9b05559a9c277c1925d43fa56fd347b57532e0e594c7e055b3300e
Instruction ID: 894f5b5570e275941846c47e7f3b52db9282e3559876838872769eae355de027
Opcode Fuzzy Hash: cecb1a47ab9b05559a9c277c1925d43fa56fd347b57532e0e594c7e055b3300e
Instruction Fuzzy Hash: 7E41ABB16083818BD7309F14C881BEFB7B0FF96364F040968E49A9B792E7744940EB57

Function 00DBEA72 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2596674ab458228821b336e5e4296629f9f6acd6247e4a270382990f5a1915
Instruction ID: a8b3843b66fdeec9ee348a05c2e6c7b698c4fdefe904b71732d7e0b28a3460e2
Opcode Fuzzy Hash: 6f2596674ab458228821b336e5e4296629f9f6acd6247e4a270382990f5a1915
Instruction Fuzzy Hash: 9F31F8B3A1C1145FE70CED39EC527BB7797DB80220F1AC63EE98686684E9794C0542D9

Function 00CDF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 4134046fec6c6431493b7f00b11f2d2539d3e41de2da1aceca7a1ea1e30f3bba
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: AB2125329082244BC3249B19C88063AF7E4FB99704F06C62EDAC5A7395E335AD1187E1

Function 00CE67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621c1bf7c2aafbec5eda4df332d5aba8b6a7df994d440034cd8e042c96449200
Instruction ID: b55dfdb3f2672be66eea1aeb04460ba99b279da051783079accbc71a01400e01
Opcode Fuzzy Hash: 621c1bf7c2aafbec5eda4df332d5aba8b6a7df994d440034cd8e042c96449200
Instruction Fuzzy Hash: 3231287051C3829AD714CF15C49062FBBF0EFA6784F54590DF4C8A7261D338DA85CB9A

Function 00CC5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c48e0eb6515649afee53d16f6ea85788e4f8dbb9eaf4d03d9e8006f423a664ad
Instruction ID: 935b7d1f80344bf6d8815de68ea16224f6790a35384f7319d74d842c587212de
Opcode Fuzzy Hash: c48e0eb6515649afee53d16f6ea85788e4f8dbb9eaf4d03d9e8006f423a664ad
Instruction Fuzzy Hash: B321A1B05086019BC310AF58C841E6BB7F4EF92764F54890CF4D59B292E338EA40DBA3

Function 00CA49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: a9742828f369a921ed8166b9d924f105bd2bd11adc7736bc4eb49627af787b17
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: BC312C317482029FC7189E28D88092BB7E5EFC631DF18892CE8AAC7251D371DD52DB46

Function 00CE64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a81360ddfea8c40d3e1fdb837ebc8d15870d0d663308d18062b59cf077ddab58
Instruction ID: 1e141157bee877c50cf9970134ad08d8fffe754feb935c92a6d3ea030d490284
Opcode Fuzzy Hash: a81360ddfea8c40d3e1fdb837ebc8d15870d0d663308d18062b59cf077ddab58
Instruction Fuzzy Hash: B321397062C2819BC705EF1AD480A2EFBE5EBA5785F28881CE5D5932A1C335A851CB63

Function 00EDBA91 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd9a92a27d042c230e83a4ef8a9e140e8c37af774338ae361a8a6afe85e6e0f1
Instruction ID: 8511bb6cfc06b517aef1b85c3df3e3a024ff44ec0de5efb3ee951c985335f4e0
Opcode Fuzzy Hash: dd9a92a27d042c230e83a4ef8a9e140e8c37af774338ae361a8a6afe85e6e0f1
Instruction Fuzzy Hash: F1211BF251C6049FE309AE29DC8276AFBE5EB98310F12492DE6C5C3750E630A4408A87

Function 00CB0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac198299d8346025a84a94166bfceafea76b682747c1078dd24082d51cc20386
Instruction ID: f783dad07de0f0c9bcd278a490fca75a4de1a76f91fa86950ced8445ef42e44e
Opcode Fuzzy Hash: ac198299d8346025a84a94166bfceafea76b682747c1078dd24082d51cc20386
Instruction Fuzzy Hash: AB2109B4A0025A9FEB15CF94CC90BBFBBB1FB4A304F244859E511BB292C735A911DB64

Function 00CE5700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44b3f9ca3a9cc8a86a788afe99f14a412d015e5a6fab21137fe3f09725a4e07
Instruction ID: 073f57a2deb39e1c781bddd04bae86f477a8a4a401275b2f183ffbe1d17b587f
Opcode Fuzzy Hash: e44b3f9ca3a9cc8a86a788afe99f14a412d015e5a6fab21137fe3f09725a4e07
Instruction Fuzzy Hash: 94119E7191C280EBC301AF29E844A2FBBF5AF86714F15882CF4C49B211D335D921CB97

Function 00CDB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 13885ded14a2159727034cce458d03e8492c0315708abea0ab290f844fd6a598
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 1E11E933A051D48EC71A8D3C8440569BFA31AA3634B5A439EF5B49B3D2D722CE8B8354

Function 00CD0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: c0a779299bc419f1be2427041e18f95cfaf293ba4c2c99ae3d49aff720ec7ebc
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: E001D4F5B043026BE720DE1894D0B3BB2A86F8171CF28452FEA5647302DB72ED04E291

Function 00CCD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518dbf3e8d5625f9f48b5ab3b6db1b4400184d5c2a224311ec3899a45972f4ac
Instruction ID: d56e5c64e89a57514d11cfc42ba4cbc8c8d81aa1e637838e83a14c90bd43626a
Opcode Fuzzy Hash: 518dbf3e8d5625f9f48b5ab3b6db1b4400184d5c2a224311ec3899a45972f4ac
Instruction Fuzzy Hash: 7611DBB0418380AFD3109F61C484A2FFBE5EBA6714F248C1DF6A59B251C379E819DB56

Function 00CA6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726442f1f378c04dc3f94e6053f1022fc6064be85ff5fa46f35012f55a860d09
Instruction ID: dfa9f3912935fdc446f04ae869ac0c2d6b54fcc7586f70525aa0f9e3037163b0
Opcode Fuzzy Hash: 726442f1f378c04dc3f94e6053f1022fc6064be85ff5fa46f35012f55a860d09
Instruction Fuzzy Hash: 62F0243A71920B0FA210CDAAACC0A3BB396D7CA358B191538EE90C3201DD72E80281D0

Function 00CDB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00CBC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00CBB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: c7ee9c9c4419547dd40a1488d04311befea96b97ecc60b69a43bf3cf896177b5
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 01F0ECB16045105BDF228A549CC0FB7BB9CDB8B354F190436E84557103D2A19C45C7E5

Function 00CD8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26cfa380e01f80fbcc41a398aedcce351f512b1726f9a7373888cb275f90654f
Instruction ID: 92dfed0fa9de569f4ff9f383a6902d21b2ade40b9dab7988d0c2b30fa7367ecc
Opcode Fuzzy Hash: 26cfa380e01f80fbcc41a398aedcce351f512b1726f9a7373888cb275f90654f
Instruction Fuzzy Hash: B301E4F04107409FC360EF29C48574BBBE8EB08714F104A1DE8AECB680D770A5448B82

Function 00CE1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 24c4194f3a9dc3c4ccd2dd02a2f5a3d5c4bd55146e032209a3c0aeafc878e77e
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 1BD0A731608361469F748E1AA40097BF7F0EAC7B11F4D955EF996E3288D230DC41C2A9

Function 00CB1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d740294d5e04407abba1ae263e6653309e3f9962566f4b062efc3166e1b4afe5
Instruction ID: 3a5e9faa233bc1f035f1555c45663db1248c7eb46f213c1d1c4cb8423350804c
Opcode Fuzzy Hash: d740294d5e04407abba1ae263e6653309e3f9962566f4b062efc3166e1b4afe5
Instruction Fuzzy Hash: 70C08C34A190808BC208CF05FCE5B3AB7B8A307309B40B03EDA03FB2A1CA60D403D90A

Function 00CE6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44c46a1c89728ebc96c391258c61b59323c54a47ea51d8b8f598672f80e9dff0
Instruction ID: 424820c98e0eb975573d7e29514f5eef277f886346d5b2a1521fca14cb381427
Opcode Fuzzy Hash: 44c46a1c89728ebc96c391258c61b59323c54a47ea51d8b8f598672f80e9dff0
Instruction Fuzzy Hash: BAC09B3465C08097930CCF05D961779F3769BD7718724B01EC80623255C134D512D51D

Function 00CB1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ca2091fe01222a51f7cd4ef9860ba90b272076b6ae66b5695aa66f8d1626e3
Instruction ID: fa33c8cecb314d152877feeb36ae67b8aff6c79b39e676d3f110550c3ce1a589
Opcode Fuzzy Hash: 24ca2091fe01222a51f7cd4ef9860ba90b272076b6ae66b5695aa66f8d1626e3
Instruction Fuzzy Hash: 5CC09B34A590C4CBC644CF86E8F1775A3FD5307208B54743E9B43FF2A1C560D4069509

Function 00CE5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2188430349.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.2188416534.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188459439.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188474832.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188554084.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188564302.0000000000E6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188575537.0000000000E79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188585334.0000000000E7B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E7C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188595782.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188618155.0000000000E8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188631151.0000000000E91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188644501.0000000000EA0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188655404.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188673093.0000000000EC0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188686771.0000000000ECB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188701867.0000000000EDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188713400.0000000000EE2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188723929.0000000000EE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188735795.0000000000EEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188746299.0000000000EEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188758071.0000000000EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188770083.0000000000EFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188780655.0000000000EFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188793278.0000000000F07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188803189.0000000000F08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188812939.0000000000F09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188823481.0000000000F10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188833448.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188842952.0000000000F1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188853286.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188862482.0000000000F23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188876384.0000000000F3C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188886569.0000000000F60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188919250.0000000000F77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188930930.0000000000F78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188941609.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188952202.0000000000F8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188961563.0000000000F95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188982656.0000000000FA3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2188994016.0000000000FA4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca48298d99e65f7a46bc1413bdf77d614e9b85a7cdd220dd45e06475e0f0dca
Instruction ID: 137923159d4ef456d6dd2751089d1f1e2668762ea04f86c5c0bd29f2c614ca7a
Opcode Fuzzy Hash: dca48298d99e65f7a46bc1413bdf77d614e9b85a7cdd220dd45e06475e0f0dca
Instruction Fuzzy Hash: 38C09234B68080ABA34CCF18DD61B39F2BA9B8BA18B14B02EC806A325AD134D512C60D

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00CE50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00CAFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00CAD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00CE5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00CE695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00CB049B Relevance: .3, Instructions: 264
COMMON

Function 00CB0228 Relevance: .2, Instructions: 218
COMMON

Function 00CE3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00CE3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON