Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541677
MD5:	8a8ac6e786885a36e9ad6f8143fbea3f
SHA1:	2682fca6d8bba7aba4505f8714a223a07c7bb5cd
SHA256:	49cbacde80b5c92732411b538fbaec79d88bda59faa3e20cbd7d67665d9020bf
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8A8AC6E786885A36E9AD6F8143FBEA3F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["clearancek.site", "spirittunek.store", "licendfilteo.site", "eaglepawnoy.store", "mobbipenju.store", "studennotediw.store", "bathdoomgaz.store", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.914503+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.4	60823	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.851899+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.4	50769	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.889509+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.4	56897	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.876813+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.4	55831	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.938081+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.4	50876	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.864858+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.4	55271	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.926922+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.4	54746	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:57.901894+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.4	51224	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T01:25:59.847648+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.6544.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "spirittunek.store", "licendfilteo.site", "eaglepawnoy.store", "mobbipenju.store", "studennotediw.store", "bathdoomgaz.store", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_009050FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008CD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008CD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_009063B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_009099D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_0090695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_008CFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_008D0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00906094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_008C1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_008D6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_008FF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00904040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_008ED1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008D42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_008E2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_008E2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_008CA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_009064B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_008EE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_008DB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00901440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_008DD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_008EC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_008E9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00907520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008D6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_008FB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_008EE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_008ED7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_009067EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00907710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00905700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_008E28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_008C49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00903920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_008DD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_008D1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_008D1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00904A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_008C5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_008F0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_008D1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008D3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_008DDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_008DDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00909B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_008EAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_008EAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_008ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_008ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00909CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00909CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_008E7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_008FFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_008EEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00908D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_008EFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_008EDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_008D1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_008C6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_008D6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_008CBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_008D4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_008EAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_008E7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008E5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_008D6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00905FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00907FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00907FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_008DFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_008C8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_008E9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008FFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:56897 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:51224 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:55831 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:50769 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:55271 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:54746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:50876 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:60823 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: dissapoiznw.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1698553601.0000000001513000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=346313cc8dbc10599301df23; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 24 Oct 2024 23:25:59 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/api
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/api
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apiapib
Source: file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716233441.0000000001495000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716233441.0000000001495000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/G
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900z
Source: file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D0228	0_2_008D0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A0D0	0_2_0090A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C1000	0_2_008C1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D2030	0_2_008D2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904040	0_2_00904040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CE1A0	0_2_008CE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B071C8	0_2_00B071C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C71F0	0_2_008C71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C5160	0_2_008C5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F82D0	0_2_008F82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F12D0	0_2_008F12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009652EC	0_2_009652EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C12F7	0_2_008C12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A246	0_2_00A9A246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CB3A0	0_2_008CB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C13A3	0_2_008C13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F23E0	0_2_008F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA300	0_2_008CA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9633C	0_2_00A9633C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4487	0_2_008D4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D049B	0_2_008D049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F64F0	0_2_008F64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9141F	0_2_00A9141F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8C45C	0_2_00A8C45C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC470	0_2_008EC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C35B0	0_2_008C35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC5F0	0_2_008DC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009086F0	0_2_009086F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FF620	0_2_008FF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908652	0_2_00908652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C164F	0_2_008C164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FE8A0	0_2_008FE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FB8C0	0_2_008FB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2835	0_2_00AB2835
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F1860	0_2_008F1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E098B	0_2_008E098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009089A0	0_2_009089A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8F9EA	0_2_00A8F9EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A949D1	0_2_00A949D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097394A	0_2_0097394A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908A80	0_2_00908A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00907AB0	0_2_00907AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904A40	0_2_00904A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DEB94	0_2_009DEB94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8BB9F	0_2_00A8BB9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C7BF0	0_2_008C7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DDB6F	0_2_008DDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00906CBF	0_2_00906CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ECCD0	0_2_008ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6CC20	0_2_00A6CC20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908C02	0_2_00908C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EFD10	0_2_008EFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EDD29	0_2_008EDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E8D62	0_2_008E8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6EBF	0_2_008D6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CBEB0	0_2_008CBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8DEC3	0_2_00A8DEC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B07E3D	0_2_00B07E3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A97E38	0_2_00A97E38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4E2A	0_2_008D4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EAE57	0_2_008EAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908E70	0_2_00908E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00907FC0	0_2_00907FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C8FD0	0_2_008C8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CAF10	0_2_008CAF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92F13	0_2_00A92F13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6DF43	0_2_00A6DF43

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008DD300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008CCAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9994972153465347

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008F8220 CoCreateInstance,

0_2_008F8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeQ

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2916864 > 1048576

Source: file.exe

Static PE information: Raw size of mdtsvfye is bigger than: 0x100000 < 0x29ec00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.8c0000.0.unpack :EW;.rsrc :W;.idata :W;mdtsvfye:EW;bwtuuemd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;mdtsvfye:EW;bwtuuemd:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2ca44b should be: 0x2d0c74

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: mdtsvfye
Source: file.exe	Static PE information: section name: bwtuuemd
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B010AD push ebx; mov dword ptr [esp], 4AAB3668h	0_2_00B010DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push edx; mov dword ptr [esp], ebx	0_2_00A03162
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push eax; mov dword ptr [esp], edx	0_2_00A0318A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push edi; mov dword ptr [esp], edx	0_2_00A031A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push 5355C787h; mov dword ptr [esp], edx	0_2_00A031B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push ebp; mov dword ptr [esp], esp	0_2_00A031BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push 5D78FAD2h; mov dword ptr [esp], esi	0_2_00A03221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push esi; mov dword ptr [esp], ebx	0_2_00A03239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push eax; mov dword ptr [esp], edx	0_2_00A0326E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push 62D30D7Eh; mov dword ptr [esp], edi	0_2_00A03278
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A030F5 push ebp; mov dword ptr [esp], esi	0_2_00A032CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE90D3 push 65F5412Ch; mov dword ptr [esp], ecx	0_2_00AE90F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE90D3 push ebx; mov dword ptr [esp], 7AB7561Ch	0_2_00AE9108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF03F push ecx; mov dword ptr [esp], esi	0_2_00BBF0C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF03F push eax; mov dword ptr [esp], ebx	0_2_00BBF0D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF03F push ebx; mov dword ptr [esp], 7EFE9F78h	0_2_00BBF0F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF03F push 64574B37h; mov dword ptr [esp], ebp	0_2_00BBF14B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B49054 push eax; mov dword ptr [esp], ecx	0_2_00B4917E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF19F push ebp; mov dword ptr [esp], eax	0_2_00BBF2EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D11C5 push esi; mov dword ptr [esp], 6FF91B84h	0_2_009D11FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D11C5 push edx; mov dword ptr [esp], edi	0_2_009D1264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D11C5 push 107887F7h; mov dword ptr [esp], edx	0_2_009D12B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D11C5 push ecx; mov dword ptr [esp], 3DC7EE03h	0_2_009D12BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B071C8 push edi; mov dword ptr [esp], 7DF6CECDh	0_2_00B071F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B071C8 push 49F60D51h; mov dword ptr [esp], edi	0_2_00B07281
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B54144 push ecx; mov dword ptr [esp], esp	0_2_00B5418D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B012AC push 5B26B2FAh; mov dword ptr [esp], ebp	0_2_00B012F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE291 push esi; mov dword ptr [esp], ebp	0_2_00AAE950
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009652EC push ecx; mov dword ptr [esp], ebx	0_2_00965309
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009652EC push 11071BF1h; mov dword ptr [esp], edx	0_2_0096540D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009652EC push ebx; mov dword ptr [esp], ecx	0_2_00965411

Source: file.exe

Static PE information: section name: entropy: 7.9804405132247425

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9242A4 second address: 9242A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F3D5 second address: A9F3F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 je 00007F6F0CD49E38h 0x0000000e push edx 0x0000000f pop edx 0x00000010 pushad 0x00000011 jmp 00007F6F0CD49E3Ah 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E35F second address: A9E373 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F0CE923E0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E373 second address: A9E38B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F6F0CD49E3Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E38B second address: A9E391 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E8DD second address: A9E8E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E8E5 second address: A9E8EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E8EF second address: A9E8F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EA59 second address: A9EA63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F6F0CE923D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EA63 second address: A9EA86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E45h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F6F0CD49E36h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EA86 second address: A9EA8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EA8A second address: A9EAA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007F6F0CD49E3Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0E4D second address: AA0E52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0FA5 second address: AA0FAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F6F0CD49E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0FAF second address: AA0FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A944B0 second address: A944C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F0CD49E42h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A944C6 second address: A944CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEAD5 second address: ABEADD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEADD second address: ABEAFF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6F0CE923ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEAFF second address: ABEB03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABED7A second address: ABEDA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F6F0CE923D6h 0x0000000b jmp 00007F6F0CE923E4h 0x00000010 ja 00007F6F0CE923D6h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEDA6 second address: ABEDCB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F6F0CD49E48h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEDCB second address: ABEDE4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6F0CE923DFh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEDE4 second address: ABEDF4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6F0CD49E36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEDF4 second address: ABEDFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6F0CE923D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF246 second address: ABF24B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF24B second address: ABF256 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F6F0CE923D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF382 second address: ABF396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E40h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF396 second address: ABF3CF instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6F0CE923D6h 0x00000008 jp 00007F6F0CE923D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F6F0CE923E8h 0x00000015 pop edx 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F6F0CE923DBh 0x0000001e push edi 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF706 second address: ABF70A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF85B second address: ABF85F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF9DE second address: ABF9E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF9E3 second address: ABFA09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F6F0CE923D6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABFCDF second address: ABFCEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABFCEE second address: ABFD1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007F6F0CE923D6h 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F6F0CE923E4h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABFD1C second address: ABFD22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB824D second address: AB8252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABFEAD second address: ABFEB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABFEB1 second address: ABFEB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0500 second address: AC0524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnp 00007F6F0CD49E36h 0x0000000c jns 00007F6F0CD49E36h 0x00000012 popad 0x00000013 push ebx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jbe 00007F6F0CD49E36h 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0524 second address: AC053F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E5h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC053F second address: AC0543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC07E0 second address: AC07E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC07E5 second address: AC0818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6F0CD49E44h 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jo 00007F6F0CD49E51h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F6F0CD49E3Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0818 second address: AC081C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0C2C second address: AC0C3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E3Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0C3B second address: AC0C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90FAC second address: A90FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC82DD second address: AC82E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC82E1 second address: AC82E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC82E7 second address: AC82FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jbe 00007F6F0CE923D6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC82FC second address: AC8301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6FD0 second address: AC6FD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6FD6 second address: AC6FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8F4FE second address: A8F502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8F502 second address: A8F512 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F6F0CD49E36h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8F512 second address: A8F516 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACCA23 second address: ACCA2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACCA2E second address: ACCA52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jng 00007F6F0CE923D8h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007F6F0CE923DEh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACCA52 second address: ACCA69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E3Dh 0x00000007 jp 00007F6F0CD49E36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACCF0B second address: ACCF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6F0CE923E2h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACCF2A second address: ACCF2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACCF2E second address: ACCF44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F6F0CE923DBh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD096 second address: ACD0C0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6F0CD49E36h 0x00000008 jc 00007F6F0CD49E36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6F0CD49E48h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF1EE second address: ACF20C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F6F0CE923DCh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF20C second address: ACF211 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF296 second address: ACF2DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 25EE79E4h 0x0000000e call 00007F6F0CE923D9h 0x00000013 jmp 00007F6F0CE923E1h 0x00000018 push eax 0x00000019 jmp 00007F6F0CE923E3h 0x0000001e mov eax, dword ptr [esp+04h] 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF2DB second address: ACF2F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E42h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF47F second address: ACF491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F0CE923DEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACFE64 second address: ACFE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACFE6D second address: ACFE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACFF39 second address: ACFF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACFF3E second address: ACFF94 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jg 00007F6F0CE923D6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebx 0x0000000d jmp 00007F6F0CE923E9h 0x00000012 nop 0x00000013 jmp 00007F6F0CE923E8h 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c jmp 00007F6F0CE923E2h 0x00000021 pop ebx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD09DB second address: AD0A70 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6F0CD49E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jo 00007F6F0CD49E44h 0x00000012 push edi 0x00000013 jmp 00007F6F0CD49E3Ch 0x00000018 pop edi 0x00000019 nop 0x0000001a xor edi, 5D96287Dh 0x00000020 push 00000000h 0x00000022 jmp 00007F6F0CD49E3Eh 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F6F0CD49E38h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 0000001Dh 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 xchg eax, ebx 0x00000044 jne 00007F6F0CD49E54h 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F6F0CD49E3Fh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD24EB second address: AD255A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jmp 00007F6F0CE923E7h 0x0000000c nop 0x0000000d push ecx 0x0000000e and esi, dword ptr [ebp+122D1F80h] 0x00000014 pop esi 0x00000015 push 00000000h 0x00000017 mov esi, dword ptr [ebp+122D3399h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007F6F0CE923D8h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000017h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 xchg eax, ebx 0x0000003a push ebx 0x0000003b pushad 0x0000003c jmp 00007F6F0CE923DFh 0x00000041 jng 00007F6F0CE923D6h 0x00000047 popad 0x00000048 pop ebx 0x00000049 push eax 0x0000004a push ebx 0x0000004b push esi 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD2FF5 second address: AD2FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD2D58 second address: AD2D68 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD2FF9 second address: AD3002 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD2D68 second address: AD2D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6F0CE923D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3A06 second address: AD3A10 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6F0CD49E3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3A10 second address: AD3A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 add dword ptr [ebp+122D36E1h], ecx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F6F0CE923D8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b jns 00007F6F0CE923DCh 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007F6F0CE923D8h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 0000001Bh 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d call 00007F6F0CE923E0h 0x00000052 mov esi, ebx 0x00000054 pop esi 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F6F0CE923E5h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3A9F second address: AD3AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F6F0CD49E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD50A2 second address: AD50A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5AFD second address: AD5B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD74D3 second address: AD7557 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jbe 00007F6F0CE923E1h 0x00000011 jmp 00007F6F0CE923DBh 0x00000016 nop 0x00000017 call 00007F6F0CE923E7h 0x0000001c jmp 00007F6F0CE923DCh 0x00000021 pop ebx 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007F6F0CE923D8h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 0000001Ch 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e push 00000000h 0x00000040 mov ebx, 6F5E9996h 0x00000045 xchg eax, esi 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F6F0CE923E3h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD7557 second address: AD756C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jg 00007F6F0CD49E36h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA5F8 second address: ADA667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jnc 00007F6F0CE923D6h 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov dword ptr [ebp+122D36E1h], ecx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F6F0CE923D8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 0000001Ah 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov dword ptr [ebp+122DBBD2h], ecx 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007F6F0CE923D8h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 00000014h 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 movzx edi, di 0x0000005a xchg eax, esi 0x0000005b jc 00007F6F0CE923E8h 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA667 second address: ADA66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5909 second address: AD5938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CE923E3h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e jmp 00007F6F0CE923DEh 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA66B second address: ADA680 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6F0CD49E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007F6F0CD49E44h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5938 second address: AD593C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB5B0 second address: ADB5C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E42h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB5C6 second address: ADB5D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F6F0CE923D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB5D0 second address: ADB5D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD876E second address: AD8774 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD7714 second address: AD77A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d or dword ptr [ebp+122D3399h], esi 0x00000013 or bl, FFFFFFECh 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push edi 0x0000001e jmp 00007F6F0CD49E44h 0x00000023 pop ebx 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F6F0CD49E38h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D2EDCh], edx 0x0000004b jno 00007F6F0CD49E37h 0x00000051 mov eax, dword ptr [ebp+122D0B29h] 0x00000057 or dword ptr [ebp+122D2EDCh], edx 0x0000005d push FFFFFFFFh 0x0000005f mov ebx, 011D7B3Ch 0x00000064 mov dword ptr [ebp+122D20B8h], ecx 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d push edi 0x0000006e pushad 0x0000006f popad 0x00000070 pop edi 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA89D second address: ADA8B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jc 00007F6F0CE923D6h 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB5D4 second address: ADB5EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6F0CD49E3Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8774 second address: AD8814 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push edi 0x0000000f mov bx, D7DEh 0x00000013 pop edi 0x00000014 push dword ptr fs:[00000000h] 0x0000001b jmp 00007F6F0CE923E4h 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 clc 0x00000028 mov eax, dword ptr [ebp+122D02B9h] 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 call 00007F6F0CE923D8h 0x00000036 pop ebx 0x00000037 mov dword ptr [esp+04h], ebx 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc ebx 0x00000044 push ebx 0x00000045 ret 0x00000046 pop ebx 0x00000047 ret 0x00000048 mov ebx, dword ptr [ebp+122D2E07h] 0x0000004e and ebx, dword ptr [ebp+122D2AA5h] 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push ebp 0x00000059 call 00007F6F0CE923D8h 0x0000005e pop ebp 0x0000005f mov dword ptr [esp+04h], ebp 0x00000063 add dword ptr [esp+04h], 00000015h 0x0000006b inc ebp 0x0000006c push ebp 0x0000006d ret 0x0000006e pop ebp 0x0000006f ret 0x00000070 movsx ebx, ax 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 jng 00007F6F0CE923D6h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA8B2 second address: ADA8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E48h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8814 second address: AD881A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB798 second address: ADB79C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE4C2 second address: ADE4C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE4C6 second address: ADE4CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF4D3 second address: ADF509 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F6F0CE923EFh 0x00000013 jmp 00007F6F0CE923E9h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADF509 second address: ADF58F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6F0CD49E38h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F6F0CD49E38h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D27F8h], edx 0x0000002b push 00000000h 0x0000002d sub edi, dword ptr [ebp+122D1C37h] 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007F6F0CD49E38h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f mov bx, 73C1h 0x00000053 xchg eax, esi 0x00000054 push ebx 0x00000055 pushad 0x00000056 jmp 00007F6F0CD49E3Eh 0x0000005b jmp 00007F6F0CD49E3Ah 0x00000060 popad 0x00000061 pop ebx 0x00000062 push eax 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE059B second address: AE0631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F6F0CE923E6h 0x00000012 mov edi, esi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F6F0CE923D8h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 push esi 0x00000031 mov ebx, dword ptr [ebp+122D27EDh] 0x00000037 pop ebx 0x00000038 sub dword ptr [ebp+122D3A2Bh], edi 0x0000003e push 00000000h 0x00000040 jmp 00007F6F0CE923E8h 0x00000045 xchg eax, esi 0x00000046 pushad 0x00000047 push eax 0x00000048 jl 00007F6F0CE923D6h 0x0000004e pop eax 0x0000004f jmp 00007F6F0CE923E9h 0x00000054 popad 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE174D second address: AE1752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE27BF second address: AE27C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE37A0 second address: AE37A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE37A6 second address: AE37AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE37AE second address: AE37B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE57FA second address: AE5865 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F6F0CE923D8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov edi, 0F045B15h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edi 0x00000030 call 00007F6F0CE923D8h 0x00000035 pop edi 0x00000036 mov dword ptr [esp+04h], edi 0x0000003a add dword ptr [esp+04h], 0000001Ah 0x00000042 inc edi 0x00000043 push edi 0x00000044 ret 0x00000045 pop edi 0x00000046 ret 0x00000047 mov ebx, dword ptr [ebp+122D315Dh] 0x0000004d or dword ptr [ebp+122D21A3h], edi 0x00000053 push 00000000h 0x00000055 mov edi, ebx 0x00000057 movsx edi, cx 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5865 second address: AE5869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5869 second address: AE5873 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5873 second address: AE5879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5879 second address: AE588E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e js 00007F6F0CE923D6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE588E second address: AE5899 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F6F0CD49E36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE687F second address: AE689F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6F0CE923DEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE689F second address: AE68A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC244 second address: AEC248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0EBB second address: AF0ECC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 je 00007F6F0CD49E36h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0678 second address: AF0694 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007F6F0CE923E4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0694 second address: AF0699 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0699 second address: AF06A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE494E second address: AE4953 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE4A3B second address: AE4A56 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6F0CE923D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007F6F0CE923DCh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE4A56 second address: AE4A5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE4A5C second address: AE4A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE4A60 second address: AE4A64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0911 second address: AF0929 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0929 second address: AF092F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF092F second address: AF0935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF0A77 second address: AF0A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F6F0CD49E36h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF6332 second address: AF633F instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF63BC second address: AF63C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF6546 second address: AF6550 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6F0CE923DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF6550 second address: AF65A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F6F0CD49E3Eh 0x0000000f mov eax, dword ptr [eax] 0x00000011 pushad 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 jmp 00007F6F0CD49E49h 0x0000001b popad 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007F6F0CD49E3Dh 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF65A0 second address: AF65A5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA38D second address: AFA391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA391 second address: AFA395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA395 second address: AFA39B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA50F second address: AFA513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA513 second address: AFA517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA517 second address: AFA523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA523 second address: AFA529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA678 second address: AFA67E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA7F1 second address: AFA7F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAC43 second address: AFAC61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CE923E8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B076D3 second address: B076DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B06177 second address: B0617B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B06737 second address: B0673B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0673B second address: B06760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F6F0CE923E6h 0x0000000c jo 00007F6F0CE923D6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07132 second address: B07137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07137 second address: B07156 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6F0CE923F1h 0x00000008 jmp 00007F6F0CE923E5h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0755E second address: B07564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05E89 second address: B05E8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0BA64 second address: B0BA6A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0BBF9 second address: B0BBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C48C second address: B0C493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C493 second address: B0C4B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6F0CE923E5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C4B5 second address: B0C4BF instructions: 0x00000000 rdtsc 0x00000002 js 00007F6F0CD49E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C5E6 second address: B0C607 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F6F0CE923E4h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0CA28 second address: B0CA35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0CA35 second address: B0CA59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F6F0CE923D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jmp 00007F6F0CE923E7h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0FDFF second address: B0FE1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6F0CD49E3Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F6F0CD49E38h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDAA1 second address: AB824D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6F0CE923D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F6F0CE923D8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 lea eax, dword ptr [ebp+1247D813h] 0x0000002b add dword ptr [ebp+122D3708h], eax 0x00000031 push eax 0x00000032 jmp 00007F6F0CE923DBh 0x00000037 mov dword ptr [esp], eax 0x0000003a push 00000000h 0x0000003c push eax 0x0000003d call 00007F6F0CE923D8h 0x00000042 pop eax 0x00000043 mov dword ptr [esp+04h], eax 0x00000047 add dword ptr [esp+04h], 00000015h 0x0000004f inc eax 0x00000050 push eax 0x00000051 ret 0x00000052 pop eax 0x00000053 ret 0x00000054 jmp 00007F6F0CE923DDh 0x00000059 sub dword ptr [ebp+122D21A3h], eax 0x0000005f call dword ptr [ebp+122D2DD4h] 0x00000065 push eax 0x00000066 push edx 0x00000067 push ecx 0x00000068 pushad 0x00000069 popad 0x0000006a pushad 0x0000006b popad 0x0000006c pop ecx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDC9B second address: ACDC9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDC9F second address: ACDCB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE083 second address: ACE087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE087 second address: ACE096 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE17B second address: ACE195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E45h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE3A0 second address: ACE3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE467 second address: ACE476 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEAAF second address: ACEAB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEAB3 second address: ACEABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEED1 second address: ACEF1C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F6F0CE923D8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 xor edi, 02919BD9h 0x0000002c lea eax, dword ptr [ebp+1247D813h] 0x00000032 mov edi, 38EE247Fh 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jne 00007F6F0CE923DCh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1010A second address: B1011B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10288 second address: B102B7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6F0CE923D6h 0x00000008 ja 00007F6F0CE923D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnp 00007F6F0CE923E9h 0x00000016 jmp 00007F6F0CE923E1h 0x0000001b push edi 0x0000001c pop edi 0x0000001d pop ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B102B7 second address: B102BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A61D second address: A8A623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A623 second address: A8A629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A629 second address: A8A634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6F0CE923D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A634 second address: A8A64B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6F0CD49E42h 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15808 second address: B1580C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1580C second address: B1582F instructions: 0x00000000 rdtsc 0x00000002 je 00007F6F0CD49E36h 0x00000008 jmp 00007F6F0CD49E45h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15977 second address: B15991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6F0CE923E2h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15991 second address: B15995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15995 second address: B1599B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1599B second address: B159A0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1762F second address: B17634 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B17634 second address: B17657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F6F0CD49E47h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B17657 second address: B1765B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1765B second address: B17664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A866 second address: B1A8A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E2h 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F6F0CE923DDh 0x00000013 push eax 0x00000014 jl 00007F6F0CE923D6h 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F6F0CE923DCh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A8A6 second address: B1A8AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A8AA second address: B1A8AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AA18 second address: B1AA21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AA21 second address: B1AA26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C5F4 second address: B1C5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C5FA second address: B1C61E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CE923E9h 0x00000009 jnp 00007F6F0CE923D6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C61E second address: B1C625 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C625 second address: B1C645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6F0CE923DBh 0x0000000c jmp 00007F6F0CE923DEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C645 second address: B1C65D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6F0CD49E36h 0x00000008 jnp 00007F6F0CD49E36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21BC3 second address: B21BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95F2C second address: A95F30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B20524 second address: B2055C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CE923E6h 0x00000009 jo 00007F6F0CE923D6h 0x0000000f jmp 00007F6F0CE923DDh 0x00000014 popad 0x00000015 jng 00007F6F0CE923DAh 0x0000001b push eax 0x0000001c pop eax 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2055C second address: B20561 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2068F second address: B20699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B20943 second address: B20949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B20949 second address: B20982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F6F0CE923E7h 0x0000000c jmp 00007F6F0CE923DBh 0x00000011 je 00007F6F0CE923D6h 0x00000017 pushad 0x00000018 js 00007F6F0CE923D6h 0x0000001e pushad 0x0000001f popad 0x00000020 jmp 00007F6F0CE923DCh 0x00000025 push eax 0x00000026 pop eax 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B20982 second address: B20986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B20C15 second address: B20C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6F0CE923E3h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B20C2D second address: B20C63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E46h 0x00000007 pushad 0x00000008 jmp 00007F6F0CD49E49h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDA95 second address: ACDAA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE8AC second address: ACE911 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ecx, 3C0A1C86h 0x00000012 mov ebx, dword ptr [ebp+1247D852h] 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F6F0CD49E38h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D33B4h], edi 0x00000038 sub dword ptr [ebp+122D386Fh], ecx 0x0000003e add eax, ebx 0x00000040 sbb cx, 3720h 0x00000045 push eax 0x00000046 pushad 0x00000047 push edi 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE911 second address: ACE93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F6F0CE923E1h 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e add cx, 5178h 0x00000013 push 00000004h 0x00000015 mov dword ptr [ebp+1245178Fh], esi 0x0000001b nop 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE93E second address: ACE952 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6F0CD49E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE952 second address: ACE958 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B258CE second address: B258E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F6F0CD49E41h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25B27 second address: B25B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jns 00007F6F0CE923D6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25B36 second address: B25B3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25B3C second address: B25B41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25CB4 second address: B25CE4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6F0CD49E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F6F0CD49E49h 0x0000000f jmp 00007F6F0CD49E3Ah 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25E24 second address: B25E28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25E28 second address: B25E34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jg 00007F6F0CD49E36h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25E34 second address: B25E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2610F second address: B26140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F6F0CD49E4Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F6F0CD49E36h 0x00000013 jp 00007F6F0CD49E36h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B26140 second address: B26144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B26144 second address: B2614D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2614D second address: B26185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CE923E4h 0x00000009 pop ebx 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F6F0CE923E9h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B26185 second address: B26192 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CA7A second address: B2CA98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F6F0CE923D6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CA98 second address: B2CAAE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6F0CD49E36h 0x00000008 jp 00007F6F0CD49E36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CAAE second address: B2CAD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F6F0CE923F3h 0x0000000c jmp 00007F6F0CE923E7h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D7FD second address: B2D801 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D801 second address: B2D810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DDCA second address: B2DDCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DDCE second address: B2DDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2E0B5 second address: B2E0BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2E6A8 second address: B2E6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CE923DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2E6B8 second address: B2E6D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6F0CD49E46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3762B second address: B3762F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3762F second address: B37633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B37633 second address: B3763F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3763F second address: B37643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B37643 second address: B37647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36DE2 second address: B36DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F6F0CD49E36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B371D6 second address: B371DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3EBEA second address: B3EC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 pushad 0x00000009 ja 00007F6F0CD49E36h 0x0000000f pushad 0x00000010 popad 0x00000011 jnp 00007F6F0CD49E36h 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d pop edx 0x0000001e pushad 0x0000001f push edx 0x00000020 pop edx 0x00000021 jmp 00007F6F0CD49E49h 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 push ecx 0x0000002a pop ecx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3EC29 second address: B3EC2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3EC2D second address: B3EC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E43h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007F6F0CD49E3Eh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D190 second address: B3D1C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6F0CE923E0h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F6F0CE923D6h 0x00000016 jmp 00007F6F0CE923E7h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D1C8 second address: B3D1CE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D1CE second address: B3D1E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F0CE923DFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D36B second address: B3D376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D376 second address: B3D3A3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop ecx 0x00000008 jnc 00007F6F0CE923E9h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jng 00007F6F0CE9240Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D3A3 second address: B3D3CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E41h 0x00000007 jmp 00007F6F0CD49E40h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D3CE second address: B3D3D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3DAD3 second address: B3DADB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B41168 second address: B4117D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 jnc 00007F6F0CE923DAh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4117D second address: B41181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45C52 second address: B45C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F6F0CE923E8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45C74 second address: B45C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E42h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45C8F second address: B45C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4877F second address: B4879C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F6F0CD49E47h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4879C second address: B487A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B48923 second address: B48929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B48A87 second address: B48A8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B48A8B second address: B48A97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F6F0CD49E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56260 second address: B56264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B55F54 second address: B55F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B55F5A second address: B55F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B607CA second address: B607D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F6F0CD49E36h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B607D9 second address: B607ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B68BA9 second address: B68BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E41h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B68BC2 second address: B68BC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B70B17 second address: B70B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B70B1F second address: B70B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6F0CE923E0h 0x0000000a je 00007F6F0CE923DCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6F9CA second address: B6F9D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B707A9 second address: B707AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B707AF second address: B707BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6F0CD49E36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B707BB second address: B707CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F6F0CE923DEh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B707CD second address: B707EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 jmp 00007F6F0CD49E45h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B707EA second address: B707F7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6F0CE923D8h 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75108 second address: B7510D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7510D second address: B7512C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F6F0CE923D6h 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jmp 00007F6F0CE923DEh 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8EE14 second address: B8EE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F0CD49E48h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94406 second address: B94413 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE4B7 second address: BAE511 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6F0CD49E43h 0x00000008 jmp 00007F6F0CD49E47h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 js 00007F6F0CD49E36h 0x00000018 jo 00007F6F0CD49E36h 0x0000001e pop ecx 0x0000001f pushad 0x00000020 push edi 0x00000021 pop edi 0x00000022 jmp 00007F6F0CD49E45h 0x00000027 push edx 0x00000028 pop edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE511 second address: BAE516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD3AC second address: BAD3C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E43h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD7F2 second address: BAD7F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD7F8 second address: BAD817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F6F0CD49E42h 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD817 second address: BAD832 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923E1h 0x00000007 js 00007F6F0CE923DCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADF25 second address: BADF61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6F0CD49E46h 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d jmp 00007F6F0CD49E3Bh 0x00000012 pop edx 0x00000013 js 00007F6F0CD49E38h 0x00000019 pushad 0x0000001a popad 0x0000001b push ebx 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f pop eax 0x00000020 pop ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADF61 second address: BADF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE1F6 second address: BAE1FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE1FB second address: BAE206 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F6F0CE923D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE206 second address: BAE219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F6F0CD49E36h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F6F0CD49E36h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB26EB second address: BB26F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5B46 second address: BB5B4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5B4C second address: BB5B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5B50 second address: BB5B6F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6F0CD49E43h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5B6F second address: BB5B79 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6F0CE923D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5B79 second address: BB5B86 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6F0CD49E38h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0AC5 second address: 52B0AD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0AD4 second address: 52B0B00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 movsx edi, cx 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0B00 second address: 52B0B51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CE923DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov bx, cx 0x0000000f jmp 00007F6F0CE923E0h 0x00000014 popad 0x00000015 jns 00007F6F0CE92432h 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F6F0CE923DEh 0x00000022 and si, 69B8h 0x00000027 jmp 00007F6F0CE923DBh 0x0000002c popfd 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0B51 second address: 52B0B71 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 6A0Bh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 add eax, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop esi 0x00000010 jmp 00007F6F0CD49E3Fh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0B71 second address: 52B0B77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0B77 second address: 52B0BF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F0CD49E3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax+00000860h] 0x00000011 jmp 00007F6F0CD49E46h 0x00000016 test eax, eax 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F6F0CD49E3Eh 0x0000001f sbb esi, 4548A8D8h 0x00000025 jmp 00007F6F0CD49E3Bh 0x0000002a popfd 0x0000002b mov ah, 93h 0x0000002d popad 0x0000002e je 00007F6F7D68FFCAh 0x00000034 jmp 00007F6F0CD49E3Bh 0x00000039 test byte ptr [eax+04h], 00000005h 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F6F0CD49E45h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0BF7 second address: 52B0BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0BFD second address: 52B0C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD22FF second address: AD2304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe

Special instruction interceptor: First address: 923A88 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3020

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1716233441.000000000145E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0}L
Source: file.exe, 00000000.00000003.1698553601.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716405897.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00905BB0 LdrInitializeThunk,

0_2_00905BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, file.exe, 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: sCProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site:443/apiapib	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bathdoomgaz.store:443/api	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716233441.0000000001495000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/G	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900z	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site:443/api	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://licendfilteo.site:443/api	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/api	file.exe, 00000000.00000003.1698553601.000000000149F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716328542.000000000149F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698553601.0000000001498000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1716233441.0000000001495000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.1698495793.0000000001524000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.1698495793.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000002.1716465250.0000000001513000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541677
Start date and time:	2024-10-25 01:25:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
19:25:57	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	104.108.130.154
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	23.209.51.130
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	2.19.126.160
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	http://boulos-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.114
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	104.127.205.96
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	msvcp110.dll	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Loader.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Other.Malware-gen.26961.24680.xlsx	Get hash	malicious	Unknown	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.466254581292252
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'916'864 bytes
MD5:	8a8ac6e786885a36e9ad6f8143fbea3f
SHA1:	2682fca6d8bba7aba4505f8714a223a07c7bb5cd
SHA256:	49cbacde80b5c92732411b538fbaec79d88bda59faa3e20cbd7d67665d9020bf
SHA512:	77c44c95f77174babaf4f49df94075bb9616c3aaa2af2e85f1c255a2c64a052cf54424beaa18a49490a69f0c96f8cf1c9877c446e7031e918a8ba43e682924f1
SSDEEP:	49152:Na/+OH6+KKSmtwIfZzv3EpCDOn+mihdJnWmRIV+r5ob:cH6+KKSmtwIf5fEpCDm+npnWmw+m
TLSH:	28D53B93F50972CFD88E63B8985FCD82695F02F9072548C3AC69A47BBEA3DC115B5C24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@..........................00.....K.,...@.................................W...k..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x700000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F6F0C8545BAh
punpcklbw mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F6F0C8565B5h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	adb49a5a32afc44b6dc13d5dd06cf3c0	False	0.9994972153465347	data	7.9804405132247425	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mdtsvfye	0x60000	0x29f000	0x29ec00	35448d4724e0111a6827e4681991382f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bwtuuemd	0x2ff000	0x1000	0x400	2a57fd96c91dae115aec9f1685a1662b	False	0.7939453125	data	6.275529382856138	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x300000	0x3000	0x2200	34308109599e1ad825cde64ec3b24934	False	0.06008731617647059	DOS executable (COM)	0.7390957453822217	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T01:25:57.851899+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.4	50769	1.1.1.1	53	UDP
2024-10-25T01:25:57.864858+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.4	55271	1.1.1.1	53	UDP
2024-10-25T01:25:57.876813+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.4	55831	1.1.1.1	53	UDP
2024-10-25T01:25:57.889509+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.4	56897	1.1.1.1	53	UDP
2024-10-25T01:25:57.901894+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.4	51224	1.1.1.1	53	UDP
2024-10-25T01:25:57.914503+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.4	60823	1.1.1.1	53	UDP
2024-10-25T01:25:57.926922+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.4	54746	1.1.1.1	53	UDP
2024-10-25T01:25:57.938081+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.4	50876	1.1.1.1	53	UDP
2024-10-25T01:25:59.847648+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49730	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 01:25:57.965305090 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:57.965346098 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:57.965473890 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:57.969106913 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:57.969119072 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:58.823755980 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:58.823884964 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:58.841372013 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:58.841396093 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:58.842503071 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:58.891845942 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.255341053 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.303337097 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.847769976 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.847801924 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.847863913 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.847903967 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.847945929 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.848032951 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.848033905 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.848033905 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.848067045 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.848112106 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.848128080 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.860970974 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.861073971 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.861107111 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.861115932 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.861134052 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.861167908 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.863082886 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.863101006 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 25, 2024 01:25:59.863114119 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 25, 2024 01:25:59.863120079 CEST	443	49730	104.102.49.254	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 01:25:57.851898909 CEST	50769	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.861525059 CEST	53	50769	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.864857912 CEST	55271	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.874150991 CEST	53	55271	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.876812935 CEST	55831	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.886538982 CEST	53	55831	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.889508963 CEST	56897	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.899141073 CEST	53	56897	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.901894093 CEST	51224	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.911695957 CEST	53	51224	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.914503098 CEST	60823	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.924120903 CEST	53	60823	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.926922083 CEST	54746	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.935827017 CEST	53	54746	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.938081026 CEST	50876	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.947221994 CEST	53	50876	1.1.1.1	192.168.2.4
Oct 25, 2024 01:25:57.951822042 CEST	63559	53	192.168.2.4	1.1.1.1
Oct 25, 2024 01:25:57.959279060 CEST	53	63559	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 01:25:57.851898909 CEST	192.168.2.4	1.1.1.1	0x406	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.864857912 CEST	192.168.2.4	1.1.1.1	0xecfd	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.876812935 CEST	192.168.2.4	1.1.1.1	0x440	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.889508963 CEST	192.168.2.4	1.1.1.1	0x35f6	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.901894093 CEST	192.168.2.4	1.1.1.1	0x9693	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.914503098 CEST	192.168.2.4	1.1.1.1	0x3811	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.926922083 CEST	192.168.2.4	1.1.1.1	0x7fe5	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.938081026 CEST	192.168.2.4	1.1.1.1	0xc5e6	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.951822042 CEST	192.168.2.4	1.1.1.1	0xcfe1	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 01:25:57.861525059 CEST	1.1.1.1	192.168.2.4	0x406	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.874150991 CEST	1.1.1.1	192.168.2.4	0xecfd	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.886538982 CEST	1.1.1.1	192.168.2.4	0x440	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.899141073 CEST	1.1.1.1	192.168.2.4	0x35f6	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.911695957 CEST	1.1.1.1	192.168.2.4	0x9693	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.924120903 CEST	1.1.1.1	192.168.2.4	0x3811	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.935827017 CEST	1.1.1.1	192.168.2.4	0x7fe5	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.947221994 CEST	1.1.1.1	192.168.2.4	0xc5e6	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 01:25:57.959279060 CEST	1.1.1.1	192.168.2.4	0xcfe1	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.102.49.254	443	6544	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 23:25:59 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-24 23:25:59 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 24 Oct 2024 23:25:59 GMT Content-Length: 26105 Connection: close Set-Cookie: sessionid=346313cc8dbc10599301df23; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=None
2024-10-24 23:25:59 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-24 23:25:59 UTC	11638	IN	Data Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J

Target ID:	0
Start time:	19:25:56
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x8c0000
File size:	2'916'864 bytes
MD5 hash:	8A8AC6E786885A36E9AD6F8143FBEA3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	56.2%
Total number of Nodes:	48
Total number of Limit Nodes:	6

Executed Functions

Function 009050FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00905182

Strings

<I$), xrefs: 009052E3
<I$), xrefs: 00905198
@^, xrefs: 00905120

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: aa40f5d8fcbf04ceb8b101795ffdbf7ff8258a09151eacdbc2ab69ab8de4b4ce
Instruction ID: 06eb1506f4a990c221794f15d3491ac6fab9befa09365b623ecc752fdc51ca60
Opcode Fuzzy Hash: aa40f5d8fcbf04ceb8b101795ffdbf7ff8258a09151eacdbc2ab69ab8de4b4ce
Instruction Fuzzy Hash: 95219F7561C3848FC300DF68D88176AB7F4AB5A300FA9882CE1C5D73A1D635DA15CF56

Function 008CFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VY^_, xrefs: 008CFDFF
t, xrefs: 008CFCBE
V, xrefs: 008CFEDC
J|BJ, xrefs: 008D000D

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 5734b22553ab74ec425ac9f33bdff44cfdc7accd36a2984fc1b86aeca1732312
Instruction ID: 1a4187552b3c672cb000d1b1205cfe91b18e514b226136f3a3c6ea37e90ef110
Opcode Fuzzy Hash: 5734b22553ab74ec425ac9f33bdff44cfdc7accd36a2984fc1b86aeca1732312
Instruction Fuzzy Hash: 72D142745083809BD710DF189490B5FBBE2FB96B48F18892DE5D98B352C736CD09EB92

Function 008CD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 008CD2F1

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 46b71ffd4988a12d55dee1357f0f2436a495adc6270e1b2236202ba6c008d88b
Instruction ID: 6306f65c60ffeb5d48179c7d765d4ce049e64769b6396bdd7cd5cb9e4b53c386
Opcode Fuzzy Hash: 46b71ffd4988a12d55dee1357f0f2436a495adc6270e1b2236202ba6c008d88b
Instruction Fuzzy Hash: D3410170509380ABD201BB68D584E2EFBF5EF92745F188C2CE5C4DB252D23AE8149B67

Function 00905BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0090973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00905BDE

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 0090695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 009069C5

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: efe6b408dbe6b5d2a4ed90ed1c2e96985b186c0bfe2a6f7ac24a7de7eb700b7e
Instruction ID: 29f61d736f4fdd412d715e5aeb5a1140c52f60aa6ad1fbbf384dfe981b8e1648
Opcode Fuzzy Hash: efe6b408dbe6b5d2a4ed90ed1c2e96985b186c0bfe2a6f7ac24a7de7eb700b7e
Instruction Fuzzy Hash: FD3189B1A183019FD718EF18D8A072BB7F6FF84344F48981CE5C6972A1E3789954CB56

Function 008D049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b024348b50b7ce440245be8f09641aa92efad3e5f27d5a506da5da9df06c5de
Instruction ID: 0dd72a62ff7d41d008f62f4562cea45273b28ca977c5233f7f43b787c5c12c8c
Opcode Fuzzy Hash: 4b024348b50b7ce440245be8f09641aa92efad3e5f27d5a506da5da9df06c5de
Instruction Fuzzy Hash: 23916875214B00CFD724CF25E8A4B26B7F6FF89314F118A6DE8568BAA1D730E815DB90

Function 008D0228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6cdbb6866a48a5dd18f1e9f4ec25cc26dae1ed67e054bcbe98635a64b1f7491
Instruction ID: 33f0024c46bdb4dfff02385084bf07cbc1210fbe87d2b87851c8035815850b07
Opcode Fuzzy Hash: e6cdbb6866a48a5dd18f1e9f4ec25cc26dae1ed67e054bcbe98635a64b1f7491
Instruction Fuzzy Hash: 81716974218700DFE724CF21ECA4B26B7F6FF89314F108969E8968BA62C731A915DF50

Function 009099D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c93ba39dc1c0a2c371f17f7f7dab852b215e548d9a60a320c779c64014377c2c
Instruction ID: d44828b7a2f864afce4d1a4a41a844bcd32c1362a71c97ca6fa7be58797d7e9e
Opcode Fuzzy Hash: c93ba39dc1c0a2c371f17f7f7dab852b215e548d9a60a320c779c64014377c2c
Instruction Fuzzy Hash: 3B417C34308300AFD7149B15E891B2BB7AAEBC5724F55882CE58A972D2D335E801DB62

Function 009063B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1aae5a3fe8f8dab680279c7411b1b7160a6b04b50b9fa0933f62210800b46f32
Instruction ID: 7c9b9f745c23b18d591707fa860c5ddff5fe3f5d0356fa305f316a1a826da758
Opcode Fuzzy Hash: 1aae5a3fe8f8dab680279c7411b1b7160a6b04b50b9fa0933f62210800b46f32
Instruction Fuzzy Hash: 7C319170649301FEE624DB04CD82F2BB7A6EB81B51F658918F1815A2E1D3B0A821DB52

Function 008D0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc550c52ec5e43e061ab71b495585598d068b21e1a0ef5537c844937e91fef1
Instruction ID: 7341d6864c33fe7f06c614827c48c4789bca5be64c1f9687621441b5ae0d2ac9
Opcode Fuzzy Hash: bcc550c52ec5e43e061ab71b495585598d068b21e1a0ef5537c844937e91fef1
Instruction Fuzzy Hash: 8D2128B490422A9FDB15CF94CC90BBEBBB1FB4A304F244909E411BB392C735A911CF64

Function 00903220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 009032A6

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 0db2ae9c7dfb8dbae72b06be185e0e532142ebc477a49cb78cf67abea677c9b4
Instruction ID: 216a6310873fed5e9db0690da9de4dfe3bb62219fecb526fc620182e2e60641b
Opcode Fuzzy Hash: 0db2ae9c7dfb8dbae72b06be185e0e532142ebc477a49cb78cf67abea677c9b4
Instruction Fuzzy Hash: 33014B3460D2409FC701AB18E845A1ABBF8EF4AB00F45891CE5C58B361D335DD60DB96

Function 00903202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00903208

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c34619e6c9e3dbca9786f9064b6e21e6759a55c76a085ce0fc193287fe433651
Instruction ID: b6bbce9ce3f925a0894e7ff39c7aba72db79bd9ca84fa27f53b0efd292a3a33d
Opcode Fuzzy Hash: c34619e6c9e3dbca9786f9064b6e21e6759a55c76a085ce0fc193287fe433651
Instruction Fuzzy Hash: 34B012702500006FDA041B00EC0AF003510EF00605F800050A100040F1D1655964D554

Non-executed Functions

Function 008DDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

()./, xrefs: 008DE9CA
:WUE, xrefs: 008DF6B7, 008DF6C6
mjkh, xrefs: 008DE7D8
lkji, xrefs: 008DE73E
QNOL, xrefs: 008DE775
WP, xrefs: 008DDCEF
AR, xrefs: 008DDD10
@ONM, xrefs: 008DE6DB
`onm, xrefs: 008DE733
<=2, xrefs: 008DEA01
|, xrefs: 008DECB1
89&', xrefs: 008DE93B
tsrq, xrefs: 008DE6FC
`Y^_, xrefs: 008DE99E
dcba, xrefs: 008DE728
D, xrefs: 008DE846
89>?, xrefs: 008DE9F6
%*+(, xrefs: 008DDE37, 008DDE46
xgfe, xrefs: 008DE71D
DCBA, xrefs: 008DE887, 008DE896
tuJK, xrefs: 008DE967
<=:;, xrefs: 008DE930
T, xrefs: 008DF157
LKJI, xrefs: 008DE6E6

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 641c6ae9355b888c9014ef54acbe615e1012a2e6b724f1cbfd458e3502949520
Instruction ID: ead8b4f73de181b37d364597d6c7307212adee35d99a2a94b258590cb72429eb
Opcode Fuzzy Hash: 641c6ae9355b888c9014ef54acbe615e1012a2e6b724f1cbfd458e3502949520
Instruction Fuzzy Hash: F8F265B05083819BD770DF14C884BABBBE6FBD5304F14492EE5C98B392DB319984DB92

Function 008F23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

f@~!, xrefs: 008F25FF
Cx, xrefs: 008F453D
aenQ, xrefs: 008F276A
ggxz, xrefs: 008F2685
`tii, xrefs: 008F2693
{l`~, xrefs: 008F268C
mlc@, xrefs: 008F275C
fedc, xrefs: 008F2782
3<, xrefs: 008F32D6
|}&C, xrefs: 008F2F21
%*+(, xrefs: 008F40EF
:, xrefs: 008F32DD

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: 67360aa7786228e435c6dd030ad9878ea9c08b5ef0e328fd9954edc614c0d61f
Instruction ID: 005000ecf5f09a88b4fa04d3c86f9d499b0e038509be1672f7e07909da993dea
Opcode Fuzzy Hash: 67360aa7786228e435c6dd030ad9878ea9c08b5ef0e328fd9954edc614c0d61f
Instruction Fuzzy Hash: D533CA70114B818FD7258F38C590B62BBE1FF16304F58899DE5DA8BB92C735E906CBA1

Function 008E9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

CG, xrefs: 008EAA32
S], xrefs: 008EA636
WH, xrefs: 008EAA1C
kW, xrefs: 008EA380
N[, xrefs: 008EA375
Gt, xrefs: 008E9FF8
JG, xrefs: 008EAA27
sm, xrefs: 008EA830
]{, xrefs: 008EA1E7, 008EA1F3
?m,o, xrefs: 008EA13C
=], xrefs: 008EA36A
%e6g, xrefs: 008EA152
/), xrefs: 008EA66D
hi, xrefs: 008EAB9D
WQ, xrefs: 008EA62B
(a*c, xrefs: 008EA147
_Y, xrefs: 008EA641

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 5613e535f56c3b2842859248b7ed08de55daa05711211466168afc891d921e9c
Instruction ID: c0a0440c99f815d7da5276347b947c6d8801b5a95ff9f8f0616ef1fbf5df2c32
Opcode Fuzzy Hash: 5613e535f56c3b2842859248b7ed08de55daa05711211466168afc891d921e9c
Instruction Fuzzy Hash: E452C6B450D385CAE274CF26D581B8EBAF1BB92740F608A1DE1ED9B255DBB08045CF93

Function 008E9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

,A&C, xrefs: 008E982E
B7U1, xrefs: 008E9AFB
X/R), xrefs: 008E9AEB
G+X5, xrefs: 008E9AF3
T#a-, xrefs: 008E9AE3
pq, xrefs: 008E99E0
8;, xrefs: 008E9B13
;IJK, xrefs: 008E983E
B?Q9, xrefs: 008E9B0B
2A"_, xrefs: 008E9980
L3Y=, xrefs: 008E9B03
z=Q?, xrefs: 008E9826
O+f), xrefs: 008E9634, 008E963D
G'M!, xrefs: 008E9ADB
!E4G, xrefs: 008E9836
?M0K, xrefs: 008E9968

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 53e7805cc67e9776765d95a63ab3bdaed92f3d56fdf2e2158826ebdfad4b40e4
Instruction ID: 9ae05319630ab6c9f8123282513372848b28e06fb18abe6e8b722601d9597a1e
Opcode Fuzzy Hash: 53e7805cc67e9776765d95a63ab3bdaed92f3d56fdf2e2158826ebdfad4b40e4
Instruction Fuzzy Hash: 8AF14FB0508385ABD310DF16D881A2BBBF4FB96B48F144D1CF4D99B252D3B4D909CB96

Function 008EDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

,Q?S, xrefs: 008EE26F
{E, xrefs: 008EE323
hX]N, xrefs: 008EDDC7
n\+H, xrefs: 008EDDC0
-M2O, xrefs: 008EE25A
%*+(, xrefs: 008EE143
)IgK, xrefs: 008EE261
<Y.[, xrefs: 008EE27D
Y9N;, xrefs: 008EE245
upH}, xrefs: 008EDE8A, 008EE798, 008EDF4A
=]+_, xrefs: 008EE276

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: b8a23551964db280befd5c543d44288f506e0584ca5f7db92e46ad5b7692fd16
Instruction ID: 8aec1d54d0819d0cabe52cda92f9c82f2168ae0daa010df8e748f7ab8a46cd08
Opcode Fuzzy Hash: b8a23551964db280befd5c543d44288f506e0584ca5f7db92e46ad5b7692fd16
Instruction Fuzzy Hash: 7B9214B1E10255CFDB14CF69D8417AEBBB2FF8A310F298168E556AB391D731AD01CB90

Function 00A8DEC3 Relevance: 11.6, Strings: 8, Instructions: 1642COMMON

Download Yara Rule

Strings

Z,}_, xrefs: 00A8E11D
=~], xrefs: 00A8E49A
.NT{, xrefs: 00A8EAE5
^{, xrefs: 00A8DF8C
Z,}_, xrefs: 00A8E129
R8d, xrefs: 00A8DF53
/$~~, xrefs: 00A8E01A
g@o7, xrefs: 00A8E850

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: .NT{$/$~~$=~]$Z,}_$Z,}_$g@o7$R8d$^{
API String ID: 0-2714896285
Opcode ID: 83ca7a3ac5468f42fa15e30c723a847e407117cf8c0ae75682308ff3925b415c
Instruction ID: f7cbb66d3248c559019e95077e0d2a45e138915e82ec5384e1e9f755be8bb662
Opcode Fuzzy Hash: 83ca7a3ac5468f42fa15e30c723a847e407117cf8c0ae75682308ff3925b415c
Instruction Fuzzy Hash: 25B21BF360C204AFE314AE2DEC8567ABBE9EF94360F1A453DE6C4C7744E93598018697

Function 008E098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008E0A77, 008E0A86
qrqp, xrefs: 008E1089
cah`, xrefs: 008E107E
{, xrefs: 008E1502
&> &, xrefs: 008E0F89
9.5^, xrefs: 008E0F9F
,#15, xrefs: 008E0F94
gce/, xrefs: 008E1073

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: e67b2c13f4fb34aeab3c5f3c9958e4a039030d91a085d05f666b473389ce2058
Instruction ID: b28385bfa42588bcf0e51dd6dca3e25588015d4ec14ac4285f73926ea7a216c9
Opcode Fuzzy Hash: e67b2c13f4fb34aeab3c5f3c9958e4a039030d91a085d05f666b473389ce2058
Instruction Fuzzy Hash: 6C6299B16083858BD730CF19D895BABBBE1FF96314F044D2DE49A8B681E7758980CB53

Function 008C1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

gfff, xrefs: 008C2297
0123456789abcdefxp, xrefs: 008C1587, 008C15F8
gfff, xrefs: 008C2226
gfff, xrefs: 008C22E1
@, xrefs: 008C2C40
-, xrefs: 008C21ED
0123456789ABCDEFXP, xrefs: 008C157D, 008C15EB

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 05b6764e350f129ae5d0a61616cede2ff3694cad2b455e7bfa8514f98585f5b4
Instruction ID: bfb4f2d3005116b2c5be0375a62a6683553f3fd6117d1818da7ed9eabc86114c
Opcode Fuzzy Hash: 05b6764e350f129ae5d0a61616cede2ff3694cad2b455e7bfa8514f98585f5b4
Instruction Fuzzy Hash: 7CD2CE716083518FD718CE28C494B6ABBF2FBD9314F18CA2DE499C7392D674D946CB82

Function 00A9633C Relevance: 10.4, Strings: 7, Instructions: 1616COMMON

Download Yara Rule

Strings

L<]^, xrefs: 00A967FA
I__, xrefs: 00A9696A
jo, xrefs: 00A96741
AM}~, xrefs: 00A96EE0
*n?w, xrefs: 00A96E5E
tuv>, xrefs: 00A9694F
Ro, xrefs: 00A973D6

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: Ro$*n?w$AM}~$I__$L<]^$tuv>$jo
API String ID: 0-877110593
Opcode ID: e7a6d30e1520a52ea2f6229cd6f28cd4cf5c3939cd74d3c0ecf282aba0e140d8
Instruction ID: 2386c278af988a0d160d46887f561af1536a73a47c57d4657cc03f1252cf15c6
Opcode Fuzzy Hash: e7a6d30e1520a52ea2f6229cd6f28cd4cf5c3939cd74d3c0ecf282aba0e140d8
Instruction Fuzzy Hash: 23B205F3A0C2109FE7046E2DEC8566ABBE5EF94720F16493DEAC5C3344EA3598058796

Function 00A9141F Relevance: 10.3, Strings: 7, Instructions: 1590COMMON

Download Yara Rule

Strings

3-, xrefs: 00A91A34
q0o, xrefs: 00A92485
?_Z, xrefs: 00A9185C
#~, xrefs: 00A925AF
."., xrefs: 00A9248A
hwV, xrefs: 00A92748
YMS, xrefs: 00A91EDD

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: .".$3-$?_Z$YMS$hwV$q0o$#~
API String ID: 0-3611440112
Opcode ID: 0b0675685fd24daec363114b6fc2b751ab67c85f019bb7e38c31dbd7189b1bbe
Instruction ID: c90b13563917453c6e6dd961bfc3b5d278d2566fad4aec757f41445a1ad04e93
Opcode Fuzzy Hash: 0b0675685fd24daec363114b6fc2b751ab67c85f019bb7e38c31dbd7189b1bbe
Instruction Fuzzy Hash: 7EB237F3A0C2049FD704AE2DEC8567AFBE5EF94720F16893DEAC487740EA3558058697

Function 00A97E38 Relevance: 7.9, Strings: 5, Instructions: 1615COMMON

Download Yara Rule

Strings

2, xrefs: 00A98850
+D, xrefs: 00A98AEB
2, xrefs: 00A98885
Wo<=, xrefs: 00A98414
q7so, xrefs: 00A98215

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: 2$2$Wo<=$q7so$+D
API String ID: 0-1594277501
Opcode ID: c1becafa8fd243091ad507a3095e57b8a28f3f284b2b0fa8872b162b4594dbca
Instruction ID: 00b22f60196ac5142b8c3894a6268421a6e8ba7554bf906c7975ea2e46030372
Opcode Fuzzy Hash: c1becafa8fd243091ad507a3095e57b8a28f3f284b2b0fa8872b162b4594dbca
Instruction Fuzzy Hash: 4FB2D5F360C604AFE304AF29EC8567AFBE5EFD4720F16892DE6C487344EA3558058697

Function 008C12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 008C28EA
@, xrefs: 008C3531
0, xrefs: 008C243E
0, xrefs: 008C1DC1
0, xrefs: 008C1E88

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 2c28aae5f7f900ed89ce532ca14177f55f765e878ab4b6811af4bd19d4c9eb53
Instruction ID: ea94a1036eb794622fe1f02d170c389bda5e6f68196405c6cd99fa98363c35ec
Opcode Fuzzy Hash: 2c28aae5f7f900ed89ce532ca14177f55f765e878ab4b6811af4bd19d4c9eb53
Instruction Fuzzy Hash: 2E62CE7160C3818BC719CE28C494B6ABBF1FBD5318F188A6DE8D9C7291D774D949CB82

Function 008C164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 008C1659
+, xrefs: 008C1573
gfff, xrefs: 008C1F3C
gfff, xrefs: 008C1F57
0123456789ABCDEFXP, xrefs: 008C164F

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 96fe47bfffefcf0e17fa077a3db80f8fa66f259632e6477e878ae4515ac3a96d
Instruction ID: 258ed10582a89cc195258c4bde31df9acaa788a247752c86add423b42ac2fcf4
Opcode Fuzzy Hash: 96fe47bfffefcf0e17fa077a3db80f8fa66f259632e6477e878ae4515ac3a96d
Instruction Fuzzy Hash: C5F17F3160C7818FC719CE28C484B6AFBF2BBD9304F188A6DE4D9C7396D674D9458792

Function 008C13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 008C13AD
-, xrefs: 008C1F23
gfff, xrefs: 008C1F3C
gfff, xrefs: 008C1F57
0123456789ABCDEFXP, xrefs: 008C13A3

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 248a0915dbd4e5901423bd9657bfd58640af0726e405b42a2f6e35eafe2baf1e
Instruction ID: d712f9a02f597a97eebc77bbc6a7c3def21f885e5b88d60bb0f86ca9d3ab7387
Opcode Fuzzy Hash: 248a0915dbd4e5901423bd9657bfd58640af0726e405b42a2f6e35eafe2baf1e
Instruction Fuzzy Hash: 21D16D356087818FC719CE29C48476AFBF2ABD9308F08CA6DE4D9C7396D634D949CB52

Function 00A92F13 Relevance: 6.6, Strings: 4, Instructions: 1572COMMON

Download Yara Rule

Strings

c+}, xrefs: 00A9325B
)W, xrefs: 00A935D6
bw}, xrefs: 00A941BC
g7 {, xrefs: 00A93832

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: )W$bw}$c+}$g7 {
API String ID: 0-3315631501
Opcode ID: 780baa1c54990ee8de238472baf79b63c5646b04d167f732e54fc8fdf957460c
Instruction ID: 94fa3442beaa8460b7ea3023dfec38eb24fed90d5285cc0d105267962a422792
Opcode Fuzzy Hash: 780baa1c54990ee8de238472baf79b63c5646b04d167f732e54fc8fdf957460c
Instruction Fuzzy Hash: FBB229F3A0C2049FE3046E2DEC8567ABBE9EF94320F1A463DE6C4C7744EA7558118697

Function 008EFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

NA_I, xrefs: 008F036D
:, xrefs: 008F0087
uvw, xrefs: 008EFE95
m1s3, xrefs: 008EFEC3, 008EFECB

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: f580685b678ca964afd1ee91dba46c498fe39e958e43d8f3043229940b9d7ab4
Instruction ID: 71c67d3ed256d8dd4d6325efae88d9450ee2f2263c1a2a6c38cab94a76eeaea5
Opcode Fuzzy Hash: f580685b678ca964afd1ee91dba46c498fe39e958e43d8f3043229940b9d7ab4
Instruction Fuzzy Hash: C73287B061C385DFD311DF29D880A2ABBE5FB8A344F14892CE6D58B292D335D945CF52

Function 008D3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

;z, xrefs: 008D3C87
%*+(, xrefs: 008D3EC4
ss, xrefs: 008D3C79
p, xrefs: 008D3C80

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: ce2fcbcead35ff44f1ce8c77ece38b8855143ec8657ebfe797b9191ce412ef99
Instruction ID: 496fdb053eb44036ec24c009804f6843f2185c4c73915e3257f134ad4fb273a6
Opcode Fuzzy Hash: ce2fcbcead35ff44f1ce8c77ece38b8855143ec8657ebfe797b9191ce412ef99
Instruction Fuzzy Hash: 90024BB4810B00DFD760AF28D986756BFB5FB01300F508A5DE89A9B796D330E419CBA2

Function 008E2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

sj, xrefs: 008E2327
a|, xrefs: 008E2317
hu, xrefs: 008E232F
lc, xrefs: 008E2507

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: b3f15910aab303e97f70f1196882a5564157aecf150dd76b0333a199fbeb029a
Instruction ID: 6cc4d80bb78e20a79a7d81b1097e2a43ae24fd0552db8f002b3344bf3dbc9280
Opcode Fuzzy Hash: b3f15910aab303e97f70f1196882a5564157aecf150dd76b0333a199fbeb029a
Instruction Fuzzy Hash: 4EA19CB04083818BC720DF19C891A2BB7F4FF96354F189A0CE8D99B3A1E375D941CB96

Function 00A8F9EA Relevance: 5.3, Strings: 3, Instructions: 1578COMMON

Download Yara Rule

Strings

~?7, xrefs: 00A8FCA9
ZZ], xrefs: 00A9032A
%EF%, xrefs: 00A904DF

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %EF%$ZZ]$~?7
API String ID: 0-1924783623
Opcode ID: d190b826424b45a6c3baf8d704c72ee120dc4848fcf66a551c8286e34c90a2c1
Instruction ID: edb202962c8e367f093c2ba734b89ffdeadf4facb0f8f0fc9aa9736005dda63f
Opcode Fuzzy Hash: d190b826424b45a6c3baf8d704c72ee120dc4848fcf66a551c8286e34c90a2c1
Instruction Fuzzy Hash: E0A22AF360C204AFE7046E2DDC85B7ABBE9EF94720F1A853DEAC487744E93558018796

Function 00A8C45C Relevance: 5.3, Strings: 3, Instructions: 1570COMMON

Download Yara Rule

Strings

pJlN, xrefs: 00A8D71B
gBo}, xrefs: 00A8C6E9
s:=, xrefs: 00A8CB1E

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: gBo}$pJlN$s:=
API String ID: 0-222014759
Opcode ID: 1981cdf74c85df21cd9d2ed3b5f99950878a4d71f9e6815c22e81a6098cace72
Instruction ID: 14e2c9dcffc21126696b3485635505a7c2de32ca8631a4ee64fde9ef7c7b78dd
Opcode Fuzzy Hash: 1981cdf74c85df21cd9d2ed3b5f99950878a4d71f9e6815c22e81a6098cace72
Instruction Fuzzy Hash: 06B2D1F360C2009FE704AE2DEC8566ABBE5EF94720F1A493DE6C4C7344E63598458B97

Function 008ED7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 008ED98B
KV, xrefs: 008ED97D
#', xrefs: 008ED9EA
T>, xrefs: 008ED984

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: a05df1d2263b779ec922aba12f136ecd4cbbbf2636dbf18e357d332bad31e34d
Instruction ID: 73dec0e0d6ceb6159b1bc058c82431dadab7057c4baaaad201727e6631ab3b08
Opcode Fuzzy Hash: a05df1d2263b779ec922aba12f136ecd4cbbbf2636dbf18e357d332bad31e34d
Instruction Fuzzy Hash: 1B8136B48017499FDB20DFA6D68516EBFB1FF12300F605A08E486AB755C330AA55CFE2

Function 008EAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

(g6e, xrefs: 008EACA1
,{*y, xrefs: 008EAD07, 008EAD13
lk, xrefs: 008EACBC
4c2a, xrefs: 008EACA9

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: f9c774b222fef2818d92ea66626acd060d175344011a9b6970bfd188b2ead36b
Instruction ID: 43ee468ce13dd3d39727992e542c86a1a41bd183f758748e69e42fe5a4096e84
Opcode Fuzzy Hash: f9c774b222fef2818d92ea66626acd060d175344011a9b6970bfd188b2ead36b
Instruction Fuzzy Hash: 8F41A6B4918381CBD7208F20D800BABB7F0FF86705F54995DE6C897260DB32D944CB96

Function 00A9A246 Relevance: 4.6, Strings: 3, Instructions: 871COMMON

Download Yara Rule

Strings

E+}, xrefs: 00A9A274
RQ, xrefs: 00A9A80E
A+}, xrefs: 00A9A26F

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: A+}$E+}$RQ
API String ID: 0-940452545
Opcode ID: f51a9f310cd8565a16affacfaf825bec58384ff2b0a0cd0a9235176e116e9639
Instruction ID: 33266857770831cc6930b8074525892a485483555bf0c27951e2aa39acff64f2
Opcode Fuzzy Hash: f51a9f310cd8565a16affacfaf825bec58384ff2b0a0cd0a9235176e116e9639
Instruction Fuzzy Hash: 8E4207F350C2049FE3046E29EC8277ABBE9EF94720F1A453DEAC583744EA3598158697

Function 008EC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008EC8C3, 008EC8CB
~/i!, xrefs: 008EC537
%*+(, xrefs: 008EC9E4, 008EC9ED

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 79a7c55e05e60b92718dd39463d4db7a6b26b610a0d22089b68ffead4ac2e7ea
Instruction ID: 7aa664ec2a03df6aac3c07c8d90800bcb6d32dd994811c28df7f690aba4047e1
Opcode Fuzzy Hash: 79a7c55e05e60b92718dd39463d4db7a6b26b610a0d22089b68ffead4ac2e7ea
Instruction Fuzzy Hash: D5E199B591C384EFE7209F25D881B5BBBF5FB86344F44882CE69987251D732D811CB92

Function 00A949D1 Relevance: 4.1, Strings: 2, Instructions: 1563COMMON

Download Yara Rule

Strings

:ny, xrefs: 00A950B2
]3^, xrefs: 00A95248

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: ]3^$:ny
API String ID: 0-2341314100
Opcode ID: 88be835816278caa8a84770fce17b81a35e2717d0a8cc77862eafb48e41f0edc
Instruction ID: 96f1e7e727ab48dddcbb99a61565982939d314823cc4af440e0851e7a306176e
Opcode Fuzzy Hash: 88be835816278caa8a84770fce17b81a35e2717d0a8cc77862eafb48e41f0edc
Instruction Fuzzy Hash: 4BB2F6F3A0C2049FE3046E2DDC8577ABBE9EB94320F1A493DEAC5C3744E63598458697

Function 00904040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 0090420C
%*+(, xrefs: 009040A4, 009040AD

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 7dae64b1cece12460e269f28bde1540ab5853bece2b9ddf55cc3acd02fa9c95d
Instruction ID: 890b18b503f833e750c93c8b5b7df25f88ce66f16d5b0404b99e90639f34aadc
Opcode Fuzzy Hash: 7dae64b1cece12460e269f28bde1540ab5853bece2b9ddf55cc3acd02fa9c95d
Instruction Fuzzy Hash: 501298B16083419FC714CF18C880B2FBBE6BBD9314F198A2CF6959B291D735E945CB92

Function 008FF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 008FF7F5
hi, xrefs: 008FF6E6

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 660d05dd6efb0242c024fb3dc55415cc8ca60e2c2e06a00bc0558d764521c8db
Instruction ID: 00ce8fda125c98f2fc536694991c52256c5f05b9e0bc8dd2b46a1a1eb431c212
Opcode Fuzzy Hash: 660d05dd6efb0242c024fb3dc55415cc8ca60e2c2e06a00bc0558d764521c8db
Instruction Fuzzy Hash: 8DF17471628341EFE304DF24D891B6ABBE6FF85354F14896CF2858B2A2C735D946CB12

Function 008C35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

Inf, xrefs: 008C3607
NaN, xrefs: 008C360E

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: ea83b8b9178986260ce1bb7373627b003882d1c4df1ea68cfce0c9b9245ade87
Instruction ID: 652ad40fe65ce7a7a2a8c63b1302e4e46c4a5357efb5f5252fa7171adb9c4b7a
Opcode Fuzzy Hash: ea83b8b9178986260ce1bb7373627b003882d1c4df1ea68cfce0c9b9245ade87
Instruction Fuzzy Hash: 9ED1B171A183119BC714CF29C880A1ABBF5FBC8750F15CA2DF999D73A0E675DD068B82

Function 008DFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 008E00F6
BaBc, xrefs: 008E0197

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: bd9872fd3f30ec285677a979ac1f6d60373c604c9e8b7a5018cf52a0f7b465a7
Instruction ID: 6f0f9182172a73fd719d606fd4ad899cd0c4463a67a5bc7d7f61ab837abe0a7f
Opcode Fuzzy Hash: bd9872fd3f30ec285677a979ac1f6d60373c604c9e8b7a5018cf52a0f7b465a7
Instruction Fuzzy Hash: AB5188B16083858AD7318F5AC881BABB7E0FF96310F194D1DE49ACB651E3B49980CB57

Function 008C5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 008C54C8

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 9cb7b1ca432203b755a60366bc89face69b50c3d5901c1cd0353531ca3d03a05
Instruction ID: 72a6f56d8baf42f12f410af2bbdc20af52121b817ab836d93f1359e770b560d9
Opcode Fuzzy Hash: 9cb7b1ca432203b755a60366bc89face69b50c3d5901c1cd0353531ca3d03a05
Instruction Fuzzy Hash: C722B0B6A08B468BEB158E189940B27BBB2FFA1308F19856DD859CB341E771FCC5C741

Function 008F12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 008F15D1

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 82f8ea0cdddc13f5aaf4a0a710ef0688e4dabdfeb9cff193a43e796e492ea54c
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 5FF13571A083498BCB24CE388498A3BBBE6FFD5354F18856DE999C7382D635DC058792

Function 008EAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008EB2D3, 008EB2DB

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c9fc0e904612c027862402d57b5b69cf5e8abdad54d2531eaf64083219104649
Instruction ID: 038270707165da22e78598dde655e8d5a58caa456fd6916e40be4f613eba207d
Opcode Fuzzy Hash: c9fc0e904612c027862402d57b5b69cf5e8abdad54d2531eaf64083219104649
Instruction Fuzzy Hash: F6E1A971508386DBC324DF2AC89056BB3F2FF9A791F55891CE5C587260E330EA59DB82

Function 008D6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008D6EF3

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5347f7e81a5aca61ab227432680244add1aada37fd010e7536713d5f47c8f53a
Instruction ID: 2b8f87a1865bc00f4fc1b0766b92c7ccebb41e0722aa6abfa49d1c219ac2dd96
Opcode Fuzzy Hash: 5347f7e81a5aca61ab227432680244add1aada37fd010e7536713d5f47c8f53a
Instruction Fuzzy Hash: D7F19DB5610A05CFD724DF28D891A26B3F6FF48314B148A2ED497C7B91EB31E925CB41

Function 008E7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008E8263, 008E826B

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 4aaea016251fb1fc4f965fb8177db303e9710cf81982f9e423f263b971d86329
Instruction ID: 2fb6282b64628f42aec1c15a2e23534bad8069dfcbf3de708ce37a4aa95a0033
Opcode Fuzzy Hash: 4aaea016251fb1fc4f965fb8177db303e9710cf81982f9e423f263b971d86329
Instruction Fuzzy Hash: 73C18C71508240EBD710AB19C882A2FB7F5FF96754F088818F8C9DB291E735DD15DBA2

Function 008E8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008E9233, 008E923B

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 367d29dd6d286df111d8a651fbcdbead2d7fd507a03aefd41256edadea452bb9
Instruction ID: 00c9c58d0fcc7983bc01be7cd58bce7c7ee67c368bb1625c4a66477536f1edcf
Opcode Fuzzy Hash: 367d29dd6d286df111d8a651fbcdbead2d7fd507a03aefd41256edadea452bb9
Instruction Fuzzy Hash: 06D1DD74628342DFD704DF69E881A6AB7E6FFC9304F49886CE886C7291D771E890CB51

Function 00907FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00908167

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: bc5c964d246343b0a1fe2dfe7a6d0f11e6bac8d6a519f6661c0de614369d00d2
Instruction ID: b1feb5120e2888d84ffb197963057ed08991d97829c228a1cc4e3a2fcc31c968
Opcode Fuzzy Hash: bc5c964d246343b0a1fe2dfe7a6d0f11e6bac8d6a519f6661c0de614369d00d2
Instruction Fuzzy Hash: 3BD1D272A083618FC725CE18989075FB6E1EB84758F168A2CE8B5AB3D4CB75DC46C7C1

Function 008ECCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008ECDC3, 008ECDCB

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: a62a5c09c9426a97cd255eb04a49a39267fe8257d677358a914e9bef76e690f0
Instruction ID: 30ac0f5f0d011a27f8a54db4f3786e1591671deaecb87026cd441f9aac9088a2
Opcode Fuzzy Hash: a62a5c09c9426a97cd255eb04a49a39267fe8257d677358a914e9bef76e690f0
Instruction Fuzzy Hash: C2B10070A093869BD714DF1AD881B2BBBE2FF86344F18482CE5C5CB251E735D856CB92

Function 008FFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008FFCA4, 008FFCAD

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: df7b2561786498911b39d6d94932aac4eff9f45fa3b85d60f0c3cd040d083385
Instruction ID: fa83b7ab30113d610a2e4930f311cab6203f619aacf0d4aa43c0a002b7af1eb5
Opcode Fuzzy Hash: df7b2561786498911b39d6d94932aac4eff9f45fa3b85d60f0c3cd040d083385
Instruction Fuzzy Hash: B281B971218308EFD310AF68D885B2AB7E5FF89705F05882CF285C7292E730E815DB62

Function 008DD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008DD663, 008DD66B

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b1cbc22c3394e190baf5b7a772f795100a7ed9536f0e4f56b615278ddc55721a
Instruction ID: 3ecaacba36ae8811c9afa5ed45c206d5da2e4e8a8da7eda021b61c3a6fbb2887
Opcode Fuzzy Hash: b1cbc22c3394e190baf5b7a772f795100a7ed9536f0e4f56b615278ddc55721a
Instruction Fuzzy Hash: B161C1B1908304DBD710AF18EC82A6AB3B1FF95354F09462DF9898B392E775E911C792

Function 00904A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00904C33, 00904C3B

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ca8d10ba47bddf2917aeaa948bafec7e024190950c59812e06d7d07c6dafbf41
Instruction ID: 1e98af288b8688f020afd65f116049664b3992943ebd06f2cf78e98317992b27
Opcode Fuzzy Hash: ca8d10ba47bddf2917aeaa948bafec7e024190950c59812e06d7d07c6dafbf41
Instruction Fuzzy Hash: A461ABB16093419FE7119F25C880B2EBBEAEBC4314F19892CEAC5872D1D671EC50DB92

Function 008CE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 008CE333

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: ebfe983f13f13f15a2575daa1bb4e22bb174138cc0ede70fc59f40f817767525
Instruction ID: d97acd1c286d16cfb043ce1b05954fb35925bae62ab44d2c55432c0276616d66
Opcode Fuzzy Hash: ebfe983f13f13f15a2575daa1bb4e22bb174138cc0ede70fc59f40f817767525
Instruction Fuzzy Hash: C1512433A196904BD328893C5C527A97A976BA2338B2DC36EF9F1CB3E5D565C8009380

Function 00903920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009039E3, 009039EB

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: d14ba4ebb5add550c06fe663fc985f1bd3a57b9ea9144a2dfc7d1baa08927b19
Instruction ID: 8e8d96ba191a9889c977d4a6b3c61ec51ab212e0b9ddef6662e84dbb5a4e0d2c
Opcode Fuzzy Hash: d14ba4ebb5add550c06fe663fc985f1bd3a57b9ea9144a2dfc7d1baa08927b19
Instruction Fuzzy Hash: FA516874619240DFCB249F59D881A2ABBEEEB85744F18C82CE4CA87291D371DE10DB62

Function 008D1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 008D1C3E

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: c04f74e07515731e114692f7347ab8bd599123b128fc88d66ae715af049b2fb9
Instruction ID: 1abdc7b66b5355c5637c604a027071228dcd0f6a6dca95f307e521c47224d5b6
Opcode Fuzzy Hash: c04f74e07515731e114692f7347ab8bd599123b128fc88d66ae715af049b2fb9
Instruction Fuzzy Hash: 024152B411C380ABCB149F54C894A2BBBF0FF8A314F048A1DF5D59B290D736CA05CB56

Function 008FFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00900033, 0090003B

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 340254b77a05eaaf8cce9be71d97d8fbb8651e4c41c5ae64f6cdbcbd2f9a2afa
Instruction ID: 1d3bb44f3a6286d34db9636794c403f342fa676d793fc3d5c598ce31824ca5c7
Opcode Fuzzy Hash: 340254b77a05eaaf8cce9be71d97d8fbb8651e4c41c5ae64f6cdbcbd2f9a2afa
Instruction Fuzzy Hash: 5E31A3B1A08315AFD610EA64DC81B2BB7FDEBC5744F544828F985D7292E632DC14CBA3

Function 008EE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 008EE6A2

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 38cc5db589c792784f499dfed18f7d03109216ae4706e0be0abc8810146b1055
Instruction ID: a1804d8800f8b58092e636d31c3a07532b57f95d0649a31ff8f4a3466e241320
Opcode Fuzzy Hash: 38cc5db589c792784f499dfed18f7d03109216ae4706e0be0abc8810146b1055
Instruction Fuzzy Hash: EA31E6B5A04245DFCB20DF9AE8809AFBBB5FB16345F14442CE556E7301D331A905CBA2

Function 008D6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008D703B

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 2d5fed5a99789029297a47ee47880a5871348c64e960196fcefa12c90ee447d6
Instruction ID: 5f281d606de9229504dcfe5c73a935a522dbb1a9048a491ef81bba27242d945c
Opcode Fuzzy Hash: 2d5fed5a99789029297a47ee47880a5871348c64e960196fcefa12c90ee447d6
Instruction Fuzzy Hash: 55415271219B04DBD7348B61C995B27B7F2FB49700F158A1DE68A9BBA1E332F810CB10

Function 008EE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 008EE6A2

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 0684aa8958e3ad14aa5312cbe4428cbb01b15ef271bf77570961ec858a29e3cc
Instruction ID: 08feedfee86e068d4435d3586ad65ee049cbb67e3265443be7fff62ae995f689
Opcode Fuzzy Hash: 0684aa8958e3ad14aa5312cbe4428cbb01b15ef271bf77570961ec858a29e3cc
Instruction Fuzzy Hash: 1E21D3B1A04245DFC720DF96E8809AFBBB5FB1A744F14481CD556EB301C331AD01CBA2

Function 00909CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00909D30

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: e765874a8d283752b2ecbdf12fb1d875d14aac73ea2a1bd757591928d0c4cbbf
Instruction ID: 4e7af5ee1bacabc1fc492b7f3b90bdf6807306989429dd58557903b219537a9b
Opcode Fuzzy Hash: e765874a8d283752b2ecbdf12fb1d875d14aac73ea2a1bd757591928d0c4cbbf
Instruction Fuzzy Hash: 2E3134705093009FD314EF15D880A2AFBF9EF9A314F15892CF58997292D375D904CBA6

Function 008D4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b2792fc0d19998dd792ba250e3efd28668c4bebcf2956e109332d35339d5b4
Instruction ID: 4a12782e4548b2602c32605d2c0da96d1b1a909b1d8690ac4aceb2d3eb6679d7
Opcode Fuzzy Hash: 27b2792fc0d19998dd792ba250e3efd28668c4bebcf2956e109332d35339d5b4
Instruction Fuzzy Hash: FE6234B0510B408FD7258F28D890B26B7F6FF5A704F548A2ED49ACBB52E735E844CB91

Function 008CBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: c30afe96cff561d005973311e12e951b05384b7dd94a8d99555986e330dab8ad
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 7552C431A087158BC7259F18D4407BAB3F1FFD5319F298A2DD9CAD3290D734E8558B86

Function 00908652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2523e708152a5edded2644de79b4dbc16161a9dc7cf39da0bf369cb42c9c5acf
Instruction ID: 2486054463a16888bfa33558ab4e342bd08fefeff9de164ea66b567f5b26ef19
Opcode Fuzzy Hash: 2523e708152a5edded2644de79b4dbc16161a9dc7cf39da0bf369cb42c9c5acf
Instruction Fuzzy Hash: 0622D93571C341DFC704DF68E88066ABBF1FB9A315F09886DE99987292C735D890DB82

Function 009086F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6444f4b48e8c00aeaaa64574e7b52a93eca715c77291b853e519f9c60a6c8c2
Instruction ID: b385edcaf1bf1e03d5069a272c48d4360e65e9af2aa40c53bca6228a53d537a7
Opcode Fuzzy Hash: f6444f4b48e8c00aeaaa64574e7b52a93eca715c77291b853e519f9c60a6c8c2
Instruction Fuzzy Hash: 1222B73561C341DFC704DF68E89062ABBF1EB9A305F09896DE5D9873A2C735E850DB82

Function 008CB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a87a8c50cccc1814d5ae746bf48419e8e3b59d86075b782297b27245d3dd401
Instruction ID: e9e16e1f117a6b611474cd3cce064e55815f9642b24be36b5fa04858d91f5efd
Opcode Fuzzy Hash: 5a87a8c50cccc1814d5ae746bf48419e8e3b59d86075b782297b27245d3dd401
Instruction Fuzzy Hash: 04529170908F888FE735CB24C486BA7BBF2FB95314F14482DC5E686A82C779E885C755

Function 008C71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df17ee77deccaebf3cb09d09d2bcd63a43cec3f95e8437bfbf80745406b29e33
Instruction ID: aa7bfdcf1bcc4b7258746481e2228148d1a9f4ce290f2be47a3db38c233caebe
Opcode Fuzzy Hash: df17ee77deccaebf3cb09d09d2bcd63a43cec3f95e8437bfbf80745406b29e33
Instruction Fuzzy Hash: 21526B715083498BCB15CF29C090BAABBF1FF88318F198A6DE89997351D774D989CF81

Function 008C8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87ea25247bb98d9c7d085a7b2b3eb98b52b826153285cc368ceedf445bb69370
Instruction ID: 32c83ac1006110fa643c1299a721b2f7da76bfc5e7667064a9d76de0d00fd865
Opcode Fuzzy Hash: 87ea25247bb98d9c7d085a7b2b3eb98b52b826153285cc368ceedf445bb69370
Instruction Fuzzy Hash: 55425375618301DFD708CF28D854B6ABBF1FB88315F09886CE4958B3A1D735D985DB82

Function 008C7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d3ddc00b2e90a1101b130eaa5b6d90fbd28bd2d99924e57b6cb0a79322ffb5
Instruction ID: a9899c8ddb679967bd48f9caec2f66bd0252c9a7b06003ebd1d67923d507f8e4
Opcode Fuzzy Hash: 70d3ddc00b2e90a1101b130eaa5b6d90fbd28bd2d99924e57b6cb0a79322ffb5
Instruction Fuzzy Hash: 7032F170518B158FC368CF29C590A6ABBF2FF45710B644A2ED6A787B90DB36F845CB10

Function 009089A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ba2bf9760bd1c3214cfe692c9deadfc0558011b3aa38adfa41d90f2eb8353b2
Instruction ID: 2968455648159762585b75456916167fc53dcacd902e6f1f939567fe19401f6d
Opcode Fuzzy Hash: 0ba2bf9760bd1c3214cfe692c9deadfc0558011b3aa38adfa41d90f2eb8353b2
Instruction Fuzzy Hash: CC02A83561C341DFC704DF68E880A1ABBF5EF9A305F09896DE5D9872A2C336D850DB92

Function 00908A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30fb6cdac470b37d6905c03798b1befa099d9c786f8c03520e4af2bcd242f21
Instruction ID: 4352830052a02fcd253bdd061acfc151ee94282ab08f20360e454e85f7c53adb
Opcode Fuzzy Hash: a30fb6cdac470b37d6905c03798b1befa099d9c786f8c03520e4af2bcd242f21
Instruction Fuzzy Hash: 12F1883561C341DFC704DF28E88061AFBF5AB8A305F098D6DE4D987292D736D950DB92

Function 00908C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5caa8cb7597b7e8c3ee4b574c0a19457bf35c6a2ca33c7b8811f138c2b28e46e
Instruction ID: 9a7fb60784f44a8c69aff4eafbc36ee9f6a790a67d0456c3de044293f525e506
Opcode Fuzzy Hash: 5caa8cb7597b7e8c3ee4b574c0a19457bf35c6a2ca33c7b8811f138c2b28e46e
Instruction Fuzzy Hash: CEE1BC3171C341CFC704DF28E88066AB7E5AB8A315F098D6CE5E987292D736E950DB82

Function 008CA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 7bf067063d0417f14a97eafbfd946d6a0e4ad44bdcdd0c3201b878e8902cdc55
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 98F19B756083458FC728CF29C881B6ABBE6FF98304F08882DE4D9C7751E639E945CB56

Function 00908E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a61629a5c24bad37fbe416583f5a12834da80879c5f4d0d0632d5f3f12d4e8f
Instruction ID: 9cab67dbd7e63982918eccc69a18867d54152560b93a40f92a89e56eda9720aa
Opcode Fuzzy Hash: 2a61629a5c24bad37fbe416583f5a12834da80879c5f4d0d0632d5f3f12d4e8f
Instruction Fuzzy Hash: BAD1983461C281DFD704EF28E88062AFBF5EB8A305F098D6DE4D587292D736D851DB92

Function 008D4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cde4665b88de89900cff1bed8c07e4b618a5c05e96b63f37701d3477dc57ce2
Instruction ID: 8e308eca9a650628567daddec872c2c54ea4359ccb5a4c79f70798e2b82a85dd
Opcode Fuzzy Hash: 7cde4665b88de89900cff1bed8c07e4b618a5c05e96b63f37701d3477dc57ce2
Instruction Fuzzy Hash: 1DE1FFB5511B008FD325CF28E9A2B97BBE1FF06704F04886DE4AAC7B52E735A914CB54

Function 00906CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c9d41f14838b1274fe474c1eb83a0833b52b7203f6cb8052b7883a858ac577
Instruction ID: 95a15e6b45d3af90b1eeabfc4d95e63e0c01ca9d76a78abf6e87393c58dd6f69
Opcode Fuzzy Hash: 43c9d41f14838b1274fe474c1eb83a0833b52b7203f6cb8052b7883a858ac577
Instruction Fuzzy Hash: 8AD1CD3672C355CFC714CF28D88056ABBF2AB89314F0A8A6CE895C73A1D335DA45DB91

Function 00907AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81725144dd2ff8fd30debf2f291abc0a52ad5c141c160b7233fd82f4d593c8e
Instruction ID: f242d1cc3f20674b51e15d45c46237e39eaa734d0dc7f747f897b20632a8f6d7
Opcode Fuzzy Hash: b81725144dd2ff8fd30debf2f291abc0a52ad5c141c160b7233fd82f4d593c8e
Instruction Fuzzy Hash: 9CB1E3B2E083505FE314DAA8CC45B6BF7E9ABC5324F08492CE999973D1E635EC058792

Function 008CAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: 366cdd74f12fbcdc270cb46a5f4f8167a57509e88da5dad5e808a176555d27e4
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 4EC14BB2A087458FC360CF68DC96BABB7F1FF85318F08492DD199C6242E778A155CB46

Function 008D6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b11ca4dc786c55199e4716914e2d77b40452d74b59ec0d40c7dcab0a40bff37
Instruction ID: 965d1f1d388f89a01413b9490fe7411ce53750e1fae94b4b1e7083b2f0b4aac2
Opcode Fuzzy Hash: 5b11ca4dc786c55199e4716914e2d77b40452d74b59ec0d40c7dcab0a40bff37
Instruction Fuzzy Hash: 26B111B4500B408BC3218F28D991B27BBF2FF46704F14895DE8AA8BB52E735F815CB55

Function 00907710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 76da256fa9da3238f511045d0667c3a4630f7cd87fec8f377bde64de3d4b916e
Instruction ID: 7786204b4327683db76eda0f0107d3d5c2ebe34acf43a9b9cee6dace1fecd541
Opcode Fuzzy Hash: 76da256fa9da3238f511045d0667c3a4630f7cd87fec8f377bde64de3d4b916e
Instruction Fuzzy Hash: EF916C71A0C301AFE720DA94D881BABF7E6EB85364F54881CF995973D1E730E940CB92

Function 0090A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eff005494197008849b90e12d226e58bf6d84ce0f62cd71b08d1243c999ad78b
Instruction ID: 926b0e4bf95ea5a125a32d34a531c78afea06411d63325d7068651e0712422c9
Opcode Fuzzy Hash: eff005494197008849b90e12d226e58bf6d84ce0f62cd71b08d1243c999ad78b
Instruction Fuzzy Hash: 2D817B342097019FD724DF28D880A2EB7F9EF99750F55892CE586CB2A1E731EC51CB92

Function 008F64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cdc83dd647f01ff92d52541981da7359e57923cd2e823fb5833b682f48521e6
Instruction ID: fbc26010825ea3c72cf907c03351b1ce660d2cffacfcc046dbcae48f2bf6a825
Opcode Fuzzy Hash: 7cdc83dd647f01ff92d52541981da7359e57923cd2e823fb5833b682f48521e6
Instruction Fuzzy Hash: C8710A33B29A984BC3149D7C4C423A5AA43ABE7338B3DC379EAB4DB3E5E5294C155350

Function 008E28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c91d22bbbe09e2d43b9690a0c37d5d9e06baba4f96541565f9c539e7d24033e9
Instruction ID: 40967719f51e939930cac621594692b3f7bf22bb040e9ad235017e0ab1e38ba7
Opcode Fuzzy Hash: c91d22bbbe09e2d43b9690a0c37d5d9e06baba4f96541565f9c539e7d24033e9
Instruction Fuzzy Hash: AF6178B45183909BD310AF1AD851A2BBBF4FFA6754F08891CF4C58B261E37AD910CB67

Function 008E7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2222a21217d1cf8bbbf3374360263a231272bcc9d5e4003ab3cc87baff67939
Instruction ID: 26c86a83a74ec754cacff7d8980f8a2c07e790316cccd8531f5eeaa9205fbcb4
Opcode Fuzzy Hash: c2222a21217d1cf8bbbf3374360263a231272bcc9d5e4003ab3cc87baff67939
Instruction Fuzzy Hash: 7C519DB1708245ABDB209B25CC86B7733B8FF86758F144558F986CB291F375D805C762

Function 009652EC Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf6bd2a9cba2c9724784b7685c26ec0e04180f4f00ad9581ca51e4639d33b20
Instruction ID: f20c1d13e23fe75b1a09fb81920b7c1b350a75ebc87f1f7e9ed2a1b0bd91251f
Opcode Fuzzy Hash: 9cf6bd2a9cba2c9724784b7685c26ec0e04180f4f00ad9581ca51e4639d33b20
Instruction Fuzzy Hash: 8A71D1F3E182209BF7106968DC857A6BBD5EB54320F1B4A3DDE88A77C4E53A5C0487C2

Function 008F1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 2502b82d0a8e1f6f03766d5137f8318dde11d3aab49b1f00fc3e088690e0ead6
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 9F619B31709319DBDB14CA39C58822EBBE2FBC5390FA4892DE689CB255D6B0DD819741

Function 008F82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23c0bcedc4c4faef13a19094526dad3a488b0edc5dc20d45a19ddf395cbef5c
Instruction ID: 7db35c0f634cbd8c97b23431aaca8f82fe0bb8a6253f6e56c2c4e53981b94f32
Opcode Fuzzy Hash: a23c0bcedc4c4faef13a19094526dad3a488b0edc5dc20d45a19ddf395cbef5c
Instruction Fuzzy Hash: CA614723B1E998CBC314463C5C453B66A83ABE6738F3EC3659AB1CB3F4CD6948015391

Function 008D42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0e64dbe72f39b0d142be221855ea3ccf2a306d97383ff0b258f2e48fa742e1
Instruction ID: fa1c120570fa0844a841f15731895beedc6845ae886b4d4a0c24086096c7e267
Opcode Fuzzy Hash: ae0e64dbe72f39b0d142be221855ea3ccf2a306d97383ff0b258f2e48fa742e1
Instruction Fuzzy Hash: E481BFB4810B00AFD360AF39D947757BEF4FB06201F504A2DE4EA96695E730A459CBE3

Function 008FE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 203d0d8e91047bd636b19cede3d197eb735188613188e88f56e7523b72eda695
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: BF515BB16087548FE314DF69D49436BBBE1BBC5318F044A2DE5E9873A0E379D6088B92

Function 0097394A Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49adc6b6df6e28248b35f40a1726fc23c9d585cf241e430581bd47846e26fb0f
Instruction ID: 03ea69c99b970e5781bf0d73308fd52a2592bd964acf2a5f770b23c021f22314
Opcode Fuzzy Hash: 49adc6b6df6e28248b35f40a1726fc23c9d585cf241e430581bd47846e26fb0f
Instruction Fuzzy Hash: F25116F3A081045BF344A93CEC457BBBAD6DB84320F1A853DEB89D3B84ED395804428A

Function 00907520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f074cc248b384b42cb077d9a7cfd11e83c3b4e52f020c53b9aa77dfe67bbc2fb
Instruction ID: 7ac7b6d0f5dc80d02342d7465ac03187198fd7891b92118c0a0283719cd6b34e
Opcode Fuzzy Hash: f074cc248b384b42cb077d9a7cfd11e83c3b4e52f020c53b9aa77dfe67bbc2fb
Instruction Fuzzy Hash: 7E51D531A0C600AFC7159A58CC91B2EF7E6EBC5364F698A2CE4D5573D1D632AC10CB92

Function 008C5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84eed43d5e55db701e71b7bdf4fdf9ac831d8674505cf049a76c65df8d223f00
Instruction ID: bb1dbe469b38ec12f887462f0c91cc7eff1c6f66c584327fbb79c74e6db60211
Opcode Fuzzy Hash: 84eed43d5e55db701e71b7bdf4fdf9ac831d8674505cf049a76c65df8d223f00
Instruction Fuzzy Hash: B4519EB5A047149FCB149F18C890E26B7B1FF85328F15466CE89A8B352D631EC82CB92

Function 00B07E3D Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e5c388198038795b6466b9cdcbe48ddad5883fe541901c23b6d5654ead063d
Instruction ID: 71ef66d64e32548f970ab2e867da84422bffac52a2940cea66cfbf35890b8871
Opcode Fuzzy Hash: c9e5c388198038795b6466b9cdcbe48ddad5883fe541901c23b6d5654ead063d
Instruction Fuzzy Hash: C14194B351C6149FE304EE68DC8266AB7E5EB58220F1A493DEAC5D3740E635A8008A97

Function 00A8BB9F Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 278b49f6fead739534a5931014213e8490e4cefa33410f2785bf85e37d928f96
Instruction ID: 6f0419ea52f331575edb4276108b599d6776f436816257ef05f18dcd52463064
Opcode Fuzzy Hash: 278b49f6fead739534a5931014213e8490e4cefa33410f2785bf85e37d928f96
Instruction Fuzzy Hash: DA41C2B3A08210AFE3046E1DDD8576AFBE9EFD8721F1A453EE6C8C3A44D67449418692

Function 008EEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a949b3f9facd4aef40e03e61e3b19f83dfc3007ec55b0cb49f4a2e6c9f4da4
Instruction ID: f962dcfebfa0aa42b6913d7dd6aab209aee5c3eabdc227fb5eefcfb942708ce3
Opcode Fuzzy Hash: e6a949b3f9facd4aef40e03e61e3b19f83dfc3007ec55b0cb49f4a2e6c9f4da4
Instruction Fuzzy Hash: 1C419E74A1035ADBDF208F59DC91BA9B7B0FF0A300F144548E945AB3A1EB39A951CB91

Function 00909B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ff58fef814cbf624c87c571904992dc862ba0c8b2a2a99260640019e6658fb
Instruction ID: 2717c62b05054b73df3bfec02193aea5db11657ac0e683acd18f742542445bf9
Opcode Fuzzy Hash: e8ff58fef814cbf624c87c571904992dc862ba0c8b2a2a99260640019e6658fb
Instruction Fuzzy Hash: CA418E74A0C310AFE710DB15D991B2BB7EAEB85714F55882CF5CA972D2D335E800CBA2

Function 008D2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42c0cfe36fff0602ac08e50d2bc0eb15acb4d1802676c9f07a7ac1a4ef22009
Instruction ID: 3c966f350ccd30666760e8312de9acdd146224a827eadab69ac46e18d2f1f8de
Opcode Fuzzy Hash: c42c0cfe36fff0602ac08e50d2bc0eb15acb4d1802676c9f07a7ac1a4ef22009
Instruction Fuzzy Hash: 9641D572A083654FD75CCF2A849023ABBE2ABD5310F09C76EE4E6873D0DA748D45DB81

Function 00A6CC20 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c01f05e549d693199744cbbca5804d01eb80f3c6896d72671c1a8d8d5efc92
Instruction ID: 83fe3814794c59a07f6ea9302374147fa8d17975d1e9c2d2b965a1531e0f6cf9
Opcode Fuzzy Hash: f4c01f05e549d693199744cbbca5804d01eb80f3c6896d72671c1a8d8d5efc92
Instruction Fuzzy Hash: 4C410AF3E082049BE314BF29DC4572ABBD6EB94310F1A493DDBC9C7380E975A8158786

Function 008D1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4947cfc15a943a7280af9f899c53c785ca7ca8b6c6bbeda7b9ccb2533876cf5d
Instruction ID: 038a6708f523ca9bad4ca37dd8a016f0ac8d3e14a5468df89b90517596b088af
Opcode Fuzzy Hash: 4947cfc15a943a7280af9f899c53c785ca7ca8b6c6bbeda7b9ccb2533876cf5d
Instruction Fuzzy Hash: FF41007451C380ABC720AB58C888B1EFBF5FB9A754F144A1DF6C497392C376E8148B66

Function 00A6DF43 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7c9fe19bafed4f609a7dc2e7c72ca144ce41807441031d654049335623a3b2
Instruction ID: b28ebdbf22a02b15ae8a78ddc7302fcaedd973f696bb2a2ee5b614551fbea7be
Opcode Fuzzy Hash: db7c9fe19bafed4f609a7dc2e7c72ca144ce41807441031d654049335623a3b2
Instruction Fuzzy Hash: 5D3127F260C3049BE308BE28EC8676BB7D6EB94710F19863DD685C7B84F93955058686

Function 00908D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df40e548f15163dcfad05669116f50cbdb8823a6b86279b6ff0ccd9fa3684800
Instruction ID: 76481e6230db676e5c48ad8149f7882d50e36c8fac2b8b269ce39434d6525b77
Opcode Fuzzy Hash: df40e548f15163dcfad05669116f50cbdb8823a6b86279b6ff0ccd9fa3684800
Instruction Fuzzy Hash: 8C41BD326083518FD704DF68C49062FFBEAAF99300F098A2DD4D59B2E1DB74DD058B82

Function 009DEB94 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d96ae39d407152e59a8a0e5f96c45e3493b8b5fcd3ba1f60a0f3a558d92a9b3
Instruction ID: d9007cc52dabf37e9335d8ceeed65611c3d4d67ef2a45a3cf3054667d1aac7cb
Opcode Fuzzy Hash: 7d96ae39d407152e59a8a0e5f96c45e3493b8b5fcd3ba1f60a0f3a558d92a9b3
Instruction Fuzzy Hash: 7C316BF3E082145BF3049E69ECC536BB7D6DB94320F1E8239DA88D7784EA789C0542D6

Function 008DD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ec28361afed01deccd6b78279feee324ea216999c9887588e5790a79d0b663
Instruction ID: f998c7df47aad535ef6aaf1ee380fd49fe607297dfdab3b50637ba2911daef93
Opcode Fuzzy Hash: 28ec28361afed01deccd6b78279feee324ea216999c9887588e5790a79d0b663
Instruction Fuzzy Hash: C641BCB16483918BD3309F14C885BAFB7B0FF96360F044A5DE48A8B7A2E7758841CB53

Function 008FF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 87fa1b4ad63c0b502856c0016b40bf7d07a2624195252e0a25617f116c799037
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 852125329082284BC3249B29C48063BF7E4FFD9704F06862EEAC4E7296E7359C10C7E1

Function 009067EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113f880dc2ab8a7b816f3426ffb9f182a5c982af656ea2dee91b0f9c70bdb95b
Instruction ID: a2942a5094c653dd4876ee9593e643de8621ad65b2d442f690b17bf3522a2e64
Opcode Fuzzy Hash: 113f880dc2ab8a7b816f3426ffb9f182a5c982af656ea2dee91b0f9c70bdb95b
Instruction Fuzzy Hash: 8931157051C3829AE714CF14C49062FBBF0AF96794F54990DF4C8AB2A1D334D995CB9A

Function 008E5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e391463181cd8b8e38e7b0182921a026b5a01353d75e25170565b0847f2354
Instruction ID: 3945963f7294ff02b3056c11a1959fefa40bb0d0e3551e3b2416da094810b672
Opcode Fuzzy Hash: e0e391463181cd8b8e38e7b0182921a026b5a01353d75e25170565b0847f2354
Instruction Fuzzy Hash: FE219CB15082419BC310AF29C85192BB7F4FF92768F448908F4D9DB292E735CA00DBA3

Function 008C49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 6742ff07b49fdfd3fa74a95bfc93871d3d6893a8c7a78307cf2689e264b7cdc7
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: C931E8316482209BD7109E58D8A0F2BB7F1FF84358F18992CE89ACB252D231DC92CB46

Function 009064B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45da673167dfc5ec6bb2fcd35f851faad8a4bfa635b315099a6607988e1787ff
Instruction ID: 9d3fbc4b744708f0e5040436c65ea1676a645a0d9d0dacf3a9fcad3dae9947ee
Opcode Fuzzy Hash: 45da673167dfc5ec6bb2fcd35f851faad8a4bfa635b315099a6607988e1787ff
Instruction Fuzzy Hash: 1321347061C241DFD709EF19D880A2EFBF6EB95755F29881CE4C5932A1C335A860DB62

Function 00AB2835 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef66920b7799693e48a1755af7e5ab8f5edb2b493c512754e527240b1783aa3a
Instruction ID: c4f055065417751d8d828a5b5b930a85fa8f518a56aa7f3fabbf8c880181b0ee
Opcode Fuzzy Hash: ef66920b7799693e48a1755af7e5ab8f5edb2b493c512754e527240b1783aa3a
Instruction Fuzzy Hash: 4F2132B211C640DFE309AE69D8825BBF7F9EB84710F22493EE0C6C7211EA3154819757

Function 00B071C8 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6860f03ad64e3ca7847120b6d60d6d7c2554fe2e889e7c72976a18c99d2a062
Instruction ID: 11ab7a76585db3f66be02cefeb90bfada3c1a5d4f4e55480615ebe2aadfe344c
Opcode Fuzzy Hash: b6860f03ad64e3ca7847120b6d60d6d7c2554fe2e889e7c72976a18c99d2a062
Instruction Fuzzy Hash: 13211AB250C7049FE312BF59DC816AAF7E5FF98310F16482DDAD483610E73168508B97

Function 00905700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5620d0b3ad58f859f9d3240336ec66f4cf33dcaeca65b064572416235e971212
Instruction ID: 8acd9f30d5ea6c769d826a3f2c2a88cea9c4451173acd8e0531bc947c7653b4c
Opcode Fuzzy Hash: 5620d0b3ad58f859f9d3240336ec66f4cf33dcaeca65b064572416235e971212
Instruction Fuzzy Hash: 8411A071A1C240EFD301AF28E845A1BBBF9AF8A710F05C828E4C49B2A1D335D910DB93

Function 008FB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: deb3c34f8d58603f8ffb1a69d74aced6348c4b68ff6bc3a798abae0e38ea6fe2
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: E911E933A091DD0EC3168D3CC840575BFA36AB7234B594399F4B4DB2D2D7268D8A8354

Function 008F0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 6fe3da74ca4c5a96cc82612845006bb168b8ae120f6f1b23f56cea2c68c9aedd
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 0E0175F5A003064BE7209E6598D5B3BB2A8FF40768F18452CDA4AD7343DB75EC05CA92

Function 008ED1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91cdf0e866440296e22b767320ff56e3e91b22f8be6dc9e4817c3fdc682cbe41
Instruction ID: 6a09f58a2e594eca7b271996cd7b4abeb566c5827bb31e8542ea97933065dd02
Opcode Fuzzy Hash: 91cdf0e866440296e22b767320ff56e3e91b22f8be6dc9e4817c3fdc682cbe41
Instruction Fuzzy Hash: 4311ECB0418380AFD3109F618484A2FFBE5FBA6754F148C0DF6A49B251C379E819CF56

Function 008C6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90852ff1ffaeeffc716a1d293e48af70f28541480807709e549374d9a5db9c38
Instruction ID: 9062ba1d9a4715e69758f2992f85c3d6ff9a7960f4a6c183a6c256aa5805766f
Opcode Fuzzy Hash: 90852ff1ffaeeffc716a1d293e48af70f28541480807709e549374d9a5db9c38
Instruction Fuzzy Hash: 1EF0B43A72921A0FA210CDAAB8C4D3BB3A6E7D9355B14553DEA81D3201EDB2E8169190

Function 008FB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 008DC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 008DB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: d5fb6c2bf45862563d640dadd5c98010dda7e5cc35cd029d20e4447841043bee
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 05F0A7B160451497DB22CA559C80B3BBBDDDB96354F1A0537E845D7303D2615845C3EA

Function 008F8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84e324aed60efa758340bbd17a15e74c9e4b14afa86473620b7beaeef3e331a7
Instruction ID: 80042cc87370f53750219686de0b84b0d63f472c126d008dddc0ebcd77ae0785
Opcode Fuzzy Hash: 84e324aed60efa758340bbd17a15e74c9e4b14afa86473620b7beaeef3e331a7
Instruction Fuzzy Hash: 5801E4F04147009FD360EF29C445757BBE8EB08714F004A1DE8EECB680D770A5448B82

Function 00901440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 1543c5d4ff24e661c57eb88ee7785043a452c14252d9e655dd38e2c029b5cc8a
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: F2D05E216083214A9B648E19A400977F7E4EA87B11B49955EF586E31A8D230DC41C2A9

Function 008D1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e892cf7c6ec550e88a293ca1bbdcc72eadc7c19c84c7a9865c2598991289154
Instruction ID: 20d7c77d1bb16ac969141faa7fcab43bd22582df3287fc28b8f29e5f1f9ec2c9
Opcode Fuzzy Hash: 5e892cf7c6ec550e88a293ca1bbdcc72eadc7c19c84c7a9865c2598991289154
Instruction Fuzzy Hash: A9C01234A3C0008FC204CF00A8A9572B3B8AB0A308700A02AEA02F3A71CA20D406A909

Function 00906094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3463601d5d6c0d1d4d894c6166d59325cdb855e6e873f4e4a327fc91f368376
Instruction ID: 60ec89444921500ada2da81e53a918f157e3ff7586d49a5707b99cc5a987d488
Opcode Fuzzy Hash: f3463601d5d6c0d1d4d894c6166d59325cdb855e6e873f4e4a327fc91f368376
Instruction Fuzzy Hash: 6DC04C347AC00086D509CE0499515B5E2B69A97654624F019C80723295D128D512E91C

Function 008D1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684cee446ce568834c66081cdcde61e3de7a12b0221e251c07897bec0c21a0db
Instruction ID: c3e7f13dd8acdf4d78ef2fe482e84dd132b9c905f4a317da1884f44cb41b9f22
Opcode Fuzzy Hash: 684cee446ce568834c66081cdcde61e3de7a12b0221e251c07897bec0c21a0db
Instruction Fuzzy Hash: DCC04C24A7D0448FC654CE85A8E9531B3A89706308710303A9A02F7671C560D505A509

Function 00905FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715380228.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.1715361921.00000000008C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715413289.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715428083.000000000092A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715442133.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715454916.000000000092C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715550398.0000000000A89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715564173.0000000000A8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715580480.0000000000AA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715609197.0000000000AB0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715621973.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715637270.0000000000ABB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715651946.0000000000AC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715667657.0000000000AD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715682751.0000000000AE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715703976.0000000000B09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715718011.0000000000B0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715731539.0000000000B0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715744603.0000000000B13000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715757037.0000000000B14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715770642.0000000000B18000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715787122.0000000000B20000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715801170.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715816016.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715829953.0000000000B2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715843864.0000000000B36000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715857248.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715869981.0000000000B39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715883472.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715896022.0000000000B41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715912081.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715929258.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715942279.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715982097.0000000000BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BAB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1715995195.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716025715.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1716038446.0000000000BC0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15209cbfee28d4dda7c7b0f7253f9f89939c2b9a62b0d1968f78735e6c1c8b2d
Instruction ID: c7b391ee4c733604255b1c849d8ed832eef1e61978de11c10e88e9aed0d2eeec
Opcode Fuzzy Hash: 15209cbfee28d4dda7c7b0f7253f9f89939c2b9a62b0d1968f78735e6c1c8b2d
Instruction Fuzzy Hash: 70C09224BBC0008BA64DCF18DD519B5F2FA9B8BA18B14F02DC807B3256E138D512D60C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 009050FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 008CFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 008CD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00905BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 0090695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 008D049B Relevance: .3, Instructions: 264
COMMON

Function 008D0228 Relevance: .2, Instructions: 218
COMMON

Function 00903220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00903202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON