Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1542212
MD5:	f031a66d5204065098bbc0f49e926344
SHA1:	e695a8f3461113fb2e8078f95545d4b1c014a63a
SHA256:	8e51964eeb20bc96f08331b69264cb9c6a341ef7dff93ed81e4576824f599c33
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 2720 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F031A66D5204065098BBC0F49E926344)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["mobbipenju.store", "dissapoiznw.store", "clearancek.site", "spirittunek.store", "licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:31.712686+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.6	53835	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:31.628355+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.6	54980	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:31.668445+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.6	57086	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:31.654575+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.6	49256	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:32.029664+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.6	65256	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:31.643072+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.6	57079	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:32.006617+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.6	58614	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:31.690268+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.6	51083	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T16:48:33.665259+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49710	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.2720.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["mobbipenju.store", "dissapoiznw.store", "clearancek.site", "spirittunek.store", "licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F350FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EFD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EFD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F363B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F35700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F399D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00F3695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00EFFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00F00EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00F36094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F34040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00F2F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F06F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00EF1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F042FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F12260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00F12260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00EFA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F364B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F0D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00F31440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00F0B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00EF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F06536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00F37520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F19510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00F2B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00F367EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00F37710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F128E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00EF49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00F0D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00F33920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F01ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F34A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00EF5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F01A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F03BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00F01BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00F20B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F39B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F39CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00F39CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F1AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00F1AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00F1EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00F2FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00F17C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F38D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00F1FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00EF6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00F06EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00EFBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00F01E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F15E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F17E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00F1AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00F04E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00F35FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00F0FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00EF8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F06F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F2FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F19F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:57086 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:49256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:51083 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:65256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:54980 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:58614 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:53835 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:57079 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49710 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d53cd9724c17ac1a847cad24; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35741Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 25 Oct 2024 14:48:33 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.2166053911.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.s
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8d
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/apiz
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/apiS
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/t
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166053911.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2166053911.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F00228	0_2_00F00228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3A0D0	0_2_00F3A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD	0_2_00F7E0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34040	0_2_00F34040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F02030	0_2_00F02030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022	0_2_00F8A022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1	0_2_010B21E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF1000	0_2_00EF1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF71F0	0_2_00EF71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFE1A0	0_2_00EFE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF5160	0_2_00EF5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF12F7	0_2_00EF12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F282D0	0_2_00F282D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F212D0	0_2_00F212D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F223E0	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF13A3	0_2_00EF13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB3A0	0_2_00EFB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010752E4	0_2_010752E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA300	0_2_00EFA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F264F0	0_2_00F264F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0049B	0_2_00F0049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04487	0_2_00F04487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C470	0_2_00F1C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0C5F0	0_2_00F0C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB25BB	0_2_00FB25BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF35B0	0_2_00EF35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF8590	0_2_00EF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0106548C	0_2_0106548C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BC4DA	0_2_010BC4DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F386F0	0_2_00F386F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B9728	0_2_010B9728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF164F	0_2_00EF164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38652	0_2_00F38652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2F620	0_2_00F2F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2B8C0	0_2_00F2B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2E8A0	0_2_00F2E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F21860	0_2_00F21860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA850	0_2_00EFA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AF9CC	0_2_010AF9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F389A0	0_2_00F389A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B5858	0_2_010B5858
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1098B	0_2_00F1098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37AB0	0_2_00F37AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38A80	0_2_00F38A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102EB83	0_2_0102EB83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0107EB99	0_2_0107EB99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34A40	0_2_00F34A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF7BF0	0_2_00EF7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010ADA3C	0_2_010ADA3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BAA65	0_2_010BAA65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0DB6F	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01088AE1	0_2_01088AE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1CCD0	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F36CBF	0_2_00F36CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38C02	0_2_00F38C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B3C4B	0_2_010B3C4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18D62	0_2_00F18D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AECA7	0_2_010AECA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1DD29	0_2_00F1DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1FD10	0_2_00F1FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F06EBF	0_2_00F06EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFBEB0	0_2_00EFBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38E70	0_2_00F38E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1AE57	0_2_00F1AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04E2A	0_2_00F04E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCBE00	0_2_00FCBE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37FC0	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF8FD0	0_2_00EF8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFAF10	0_2_00EFAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00F0D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00EFCAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996261344884488

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F28220 CoCreateInstance,

0_2_00F28220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 39%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNe

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2931712 > 1048576

Source: file.exe

Static PE information: Raw size of yzbnnslb is bigger than: 0x100000 < 0x2a2600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ef0000.0.unpack :EW;.rsrc :W;.idata :W;yzbnnslb:EW;jnfhazfa:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;yzbnnslb:EW;jnfhazfa:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2d7de2 should be: 0x2d01b1

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: yzbnnslb
Source: file.exe	Static PE information: section name: jnfhazfa
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01197108 push 290636B3h; mov dword ptr [esp], eax	0_2_01197A04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01197108 push eax; mov dword ptr [esp], 64E341B7h	0_2_01197A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push 1ADA531Ch; mov dword ptr [esp], ebp	0_2_00F7E21E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push eax; mov dword ptr [esp], 3533EDE3h	0_2_00F7E22D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push 2AA7E394h; mov dword ptr [esp], esi	0_2_00F7E28E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push ebx; mov dword ptr [esp], eax	0_2_011F31FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push 31007003h; mov dword ptr [esp], eax	0_2_011F3289
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push 088F1CBDh; mov dword ptr [esp], eax	0_2_011F32A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push 680895CDh; mov dword ptr [esp], edx	0_2_0113B1BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push ebp; mov dword ptr [esp], 04D332C9h	0_2_0113B249
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push 28AE0C7Ah; mov dword ptr [esp], ecx	0_2_0113B274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push eax; mov dword ptr [esp], esp	0_2_00F8A066
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push ebp; mov dword ptr [esp], ebx	0_2_00F8A09B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push edx; mov dword ptr [esp], edi	0_2_00F8A0DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push 4FCF42E9h; mov dword ptr [esp], ecx	0_2_00F8A173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push eax; mov dword ptr [esp], edi	0_2_00F8A205
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push 1791AD5Fh; mov dword ptr [esp], ebx	0_2_00F8A239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 7FC7FD77h; mov dword ptr [esp], eax	0_2_010B21EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 1D5742C1h; mov dword ptr [esp], esp	0_2_010B21F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push esi; mov dword ptr [esp], eax	0_2_010B227B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push esi; mov dword ptr [esp], edx	0_2_010B22D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ebp; mov dword ptr [esp], esi	0_2_010B2335
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ebx; mov dword ptr [esp], edi	0_2_010B2375
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 126E0B13h; mov dword ptr [esp], ebx	0_2_010B23B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edx; mov dword ptr [esp], ecx	0_2_010B23C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 59751F7Ah; mov dword ptr [esp], edx	0_2_010B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], 55F517A8h	0_2_010B240E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], edx	0_2_010B242B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], ecx	0_2_010B2432
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ecx; mov dword ptr [esp], esi	0_2_010B2436
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 30A72E01h; mov dword ptr [esp], esi	0_2_010B246B

Source: file.exe

Static PE information: section name: entropy: 7.984920165696558

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C23BF second address: 10C23DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F454889E297h 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C144F second address: 10C1455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1703 second address: 10C1711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F454889E286h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18C1 second address: 10C18C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18C8 second address: 10C18D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007F454889E286h 0x0000000c popad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18D8 second address: 10C18DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1A0D second address: 10C1A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1A13 second address: 10C1A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F45493BD410h 0x0000000e ja 00007F45493BD406h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3513 second address: 10C351A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C351A second address: 10C3527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3527 second address: 10C352B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C35B7 second address: 10C35EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 popad 0x0000000a jo 00007F45493BD408h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD40Eh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C35EC second address: 10C36AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F454889E299h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c and edi, dword ptr [ebp+122D1CF0h] 0x00000012 jmp 00007F454889E28Ah 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007F454889E288h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 push 476BE9B4h 0x00000038 jmp 00007F454889E28Fh 0x0000003d xor dword ptr [esp], 476BE934h 0x00000044 mov ecx, edi 0x00000046 push 00000003h 0x00000048 movsx edx, cx 0x0000004b mov dword ptr [ebp+122D23E4h], ecx 0x00000051 push 00000000h 0x00000053 push 00000000h 0x00000055 push ebp 0x00000056 call 00007F454889E288h 0x0000005b pop ebp 0x0000005c mov dword ptr [esp+04h], ebp 0x00000060 add dword ptr [esp+04h], 00000017h 0x00000068 inc ebp 0x00000069 push ebp 0x0000006a ret 0x0000006b pop ebp 0x0000006c ret 0x0000006d mov edi, dword ptr [ebp+122D235Eh] 0x00000073 push 00000003h 0x00000075 mov ecx, dword ptr [ebp+122D38CDh] 0x0000007b call 00007F454889E289h 0x00000080 je 00007F454889E294h 0x00000086 push eax 0x00000087 push edx 0x00000088 jc 00007F454889E286h 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C36AC second address: 10C36C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F45493BD40Eh 0x0000000d jns 00007F45493BD408h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push edx 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C36C9 second address: 10C372A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 je 00007F454889E288h 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jmp 00007F454889E293h 0x0000001f pop eax 0x00000020 call 00007F454889E28Bh 0x00000025 mov edx, 1ADA99C6h 0x0000002a pop edx 0x0000002b lea ebx, dword ptr [ebp+12443471h] 0x00000031 mov edi, 457C0031h 0x00000036 xchg eax, ebx 0x00000037 jmp 00007F454889E290h 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C372A second address: 10C372E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3876 second address: 10C38A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F454889E28Eh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38A0 second address: 10C38B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45493BD410h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38B4 second address: 10C38B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38B8 second address: 10C390F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b jng 00007F45493BD408h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F45493BD416h 0x00000019 jmp 00007F45493BD410h 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 jmp 00007F45493BD412h 0x00000028 pop eax 0x00000029 mov edi, dword ptr [ebp+122D3C66h] 0x0000002f lea ebx, dword ptr [ebp+1244347Ah] 0x00000035 mov si, di 0x00000038 push eax 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C390F second address: 10C3918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C39D1 second address: 10C39E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C39E8 second address: 10C3A1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F454889E297h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jl 00007F454889E28Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007F454889E286h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A1D second address: 10C3A2E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A2E second address: 10C3A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A32 second address: 10C3A3C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D6627 second address: 10D662B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D662B second address: 10D6631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BA574 second address: 10BA595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F454889E298h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BA595 second address: 10BA59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3295 second address: 10E329B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E329B second address: 10E32B3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jbe 00007F45493BD406h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E32B3 second address: 10E32BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E35F8 second address: 10E35FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E35FC second address: 10E3602 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3756 second address: 10E375C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E38E9 second address: 10E3953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E294h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F454889E290h 0x00000011 jg 00007F454889E286h 0x00000017 jmp 00007F454889E28Ch 0x0000001c popad 0x0000001d pop edi 0x0000001e pushad 0x0000001f jl 00007F454889E296h 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007F454889E28Eh 0x0000002c push eax 0x0000002d push edx 0x0000002e jc 00007F454889E286h 0x00000034 jmp 00007F454889E28Ch 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3AB2 second address: 10E3AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F45493BD406h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3AC0 second address: 10E3ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F454889E295h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C5A second address: 10E3C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C62 second address: 10E3C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C66 second address: 10E3C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F45493BD406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C72 second address: 10E3C7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007F454889E286h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C7E second address: 10E3C91 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F45493BD406h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4059 second address: 10E405D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E405D second address: 10E406F instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007F45493BD412h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E406F second address: 10E4081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F454889E286h 0x0000000a jo 00007F454889E28Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45A8 second address: 10E45D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD411h 0x00000009 jg 00007F45493BD406h 0x0000000f popad 0x00000010 jnc 00007F45493BD40Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45D4 second address: 10E45D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45D8 second address: 10E45F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F45493BD413h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4C06 second address: 10E4C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DE6 second address: 10E4DEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DEA second address: 10E4DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DF0 second address: 10E4DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DF6 second address: 10E4DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F3A second address: 10E4F40 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F40 second address: 10E4F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F454889E28Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F54 second address: 10E4F61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E50EF second address: 10E50F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7D2 second address: 10AE7DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7DC second address: 10AE7E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7E2 second address: 10AE7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB7AB second address: 10EB7B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB7B1 second address: 10EB7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFB48 second address: 10EFB4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFB4C second address: 10EFB5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFCCF second address: 10EFCF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F454889E286h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F454889E28Dh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007F454889E2A2h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFCF3 second address: 10EFD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 jmp 00007F45493BD418h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0048 second address: 10F0058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jo 00007F454889E286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F01A6 second address: 10F01AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1A9A second address: 10F1AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AA0 second address: 10F1AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AAA second address: 10F1AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F454889E28Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AC4 second address: 10F1AD7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AD7 second address: 10F1AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AE4 second address: 10F1AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66C7 second address: 10F66CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66CB second address: 10F66EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66EA second address: 10F6713 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push eax 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F454889E28Ch 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6713 second address: 10F673A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov esi, dword ptr [ebp+122D3ABAh] 0x0000000d push F656D5B4h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD411h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F673A second address: 10F6740 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6ADE second address: 10F6AE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6BAA second address: 10F6BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F759D second address: 10F75A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F75A1 second address: 10F75B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F454889E291h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F76DC second address: 10F7707 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F45493BD40Ch 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007F45493BD412h 0x00000014 jmp 00007F45493BD40Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F78B2 second address: 10F78BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F79A2 second address: 10F79A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F8655 second address: 10F8659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F9885 second address: 10F98FA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c jbe 00007F45493BD40Ch 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F45493BD408h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F45493BD408h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F45493BD417h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F98FA second address: 10F9904 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FACC8 second address: 10FACDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD40Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FACDC second address: 10FACE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDE3 second address: 10FCDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD414h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDFC second address: 10FCE01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110120B second address: 110120F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110120F second address: 1101215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1101215 second address: 1101232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45493BD419h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110215E second address: 1102165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110144A second address: 1101467 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102165 second address: 11021A7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, dword ptr [ebp+122D235Eh] 0x00000011 push 00000000h 0x00000013 mov ebx, edi 0x00000015 mov bx, ax 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F454889E288h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push edx 0x0000003a pop edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11021A7 second address: 11021AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11022B3 second address: 11022B9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11022B9 second address: 11022C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103F5D second address: 1103F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103F63 second address: 1103F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110402F second address: 1104035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104035 second address: 110405A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F45493BD418h 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110405A second address: 1104074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F454889E293h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104074 second address: 1104078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104F90 second address: 1104F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104F94 second address: 1104FB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F45493BD40Ch 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104FB4 second address: 1104FBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104FBE second address: 1104FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110505D second address: 110506F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F454889E28Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11051E7 second address: 11051EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107087 second address: 110708B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11061FF second address: 1106206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106206 second address: 110620C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110620C second address: 1106210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106210 second address: 110621F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110621F second address: 1106225 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081B9 second address: 11081BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081BF second address: 11081C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081C5 second address: 11081C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110831F second address: 1108323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108323 second address: 1108329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108329 second address: 11083D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F45493BD408h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov dword ptr [ebp+1244383Bh], ebx 0x0000002a mov ebx, ecx 0x0000002c push dword ptr fs:[00000000h] 0x00000033 pushad 0x00000034 mov dword ptr [ebp+122D35DBh], ecx 0x0000003a clc 0x0000003b popad 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 push eax 0x00000044 mov dword ptr [ebp+122D1EA3h], edx 0x0000004a pop ebx 0x0000004b mov eax, dword ptr [ebp+122D0885h] 0x00000051 mov ebx, dword ptr [ebp+12450943h] 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push esi 0x0000005c call 00007F45493BD408h 0x00000061 pop esi 0x00000062 mov dword ptr [esp+04h], esi 0x00000066 add dword ptr [esp+04h], 0000001Dh 0x0000006e inc esi 0x0000006f push esi 0x00000070 ret 0x00000071 pop esi 0x00000072 ret 0x00000073 mov dword ptr [ebp+122DBBC4h], edi 0x00000079 mov ebx, dword ptr [ebp+122D1D3Ah] 0x0000007f nop 0x00000080 jl 00007F45493BD414h 0x00000086 push eax 0x00000087 push edx 0x00000088 pushad 0x00000089 popad 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11083D3 second address: 11083D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A2B6 second address: 110A2BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A2BA second address: 110A2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jne 00007F454889E286h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B2FF second address: 110B305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B305 second address: 110B375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E296h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub edi, dword ptr [ebp+122D3B1Ah] 0x00000012 mov bh, 31h 0x00000014 push 00000000h 0x00000016 mov ebx, dword ptr [ebp+122D3D02h] 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F454889E288h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 clc 0x00000039 xchg eax, esi 0x0000003a jmp 00007F454889E299h 0x0000003f push eax 0x00000040 pushad 0x00000041 jp 00007F454889E28Ch 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C31D second address: 110C321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C321 second address: 110C325 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C325 second address: 110C3AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F45493BD408h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 jbe 00007F45493BD40Ah 0x0000002a mov di, 5D74h 0x0000002e push 00000000h 0x00000030 mov bx, 0E2Eh 0x00000034 push ecx 0x00000035 mov di, dx 0x00000038 pop ebx 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F45493BD408h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 mov edi, 17A76A6Dh 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push esi 0x0000005e jmp 00007F45493BD419h 0x00000063 pop esi 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A49F second address: 110A4A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11093FD second address: 110940A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110940A second address: 11094A5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Ch 0x00000008 js 00007F454889E286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov bx, di 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F454889E288h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov dword ptr [ebp+122D1D5Eh], edx 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov ebx, edx 0x00000044 mov eax, dword ptr [ebp+122D0689h] 0x0000004a mov dword ptr [ebp+12448CE6h], edi 0x00000050 push FFFFFFFFh 0x00000052 push 00000000h 0x00000054 push ebx 0x00000055 call 00007F454889E288h 0x0000005a pop ebx 0x0000005b mov dword ptr [esp+04h], ebx 0x0000005f add dword ptr [esp+04h], 0000001Ah 0x00000067 inc ebx 0x00000068 push ebx 0x00000069 ret 0x0000006a pop ebx 0x0000006b ret 0x0000006c mov dword ptr [ebp+122D1D01h], ecx 0x00000072 mov edi, dword ptr [ebp+122D3BC6h] 0x00000078 nop 0x00000079 jnl 00007F454889E28Eh 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push ecx 0x00000083 pushad 0x00000084 popad 0x00000085 pop ecx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B4AF second address: 110B4B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C523 second address: 110C533 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C533 second address: 110C538 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C5E0 second address: 110C5F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11105CD second address: 11105D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11105D2 second address: 11105D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F702 second address: 110F7B4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45493BD408h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sub bx, 16EFh 0x00000014 push dword ptr fs:[00000000h] 0x0000001b xor dword ptr [ebp+122D1D01h], ecx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push esi 0x0000002b call 00007F45493BD408h 0x00000030 pop esi 0x00000031 mov dword ptr [esp+04h], esi 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc esi 0x0000003e push esi 0x0000003f ret 0x00000040 pop esi 0x00000041 ret 0x00000042 call 00007F45493BD40Fh 0x00000047 mov ebx, dword ptr [ebp+122D235Ah] 0x0000004d pop edi 0x0000004e mov eax, dword ptr [ebp+122D1691h] 0x00000054 pushad 0x00000055 mov dword ptr [ebp+122D1E17h], ecx 0x0000005b mov dword ptr [ebp+122D2A88h], esi 0x00000061 popad 0x00000062 sub edi, dword ptr [ebp+122D3C56h] 0x00000068 push FFFFFFFFh 0x0000006a push 00000000h 0x0000006c push ebp 0x0000006d call 00007F45493BD408h 0x00000072 pop ebp 0x00000073 mov dword ptr [esp+04h], ebp 0x00000077 add dword ptr [esp+04h], 00000018h 0x0000007f inc ebp 0x00000080 push ebp 0x00000081 ret 0x00000082 pop ebp 0x00000083 ret 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 push eax 0x00000088 push edx 0x00000089 jmp 00007F45493BD40Eh 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F7B4 second address: 110F7BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106EC second address: 11106F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106F2 second address: 11106F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106F8 second address: 11106FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106FC second address: 1110717 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F454889E28Ch 0x00000015 jl 00007F454889E286h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1110717 second address: 11107D3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD408h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c jbe 00007F45493BD407h 0x00000012 clc 0x00000013 add bx, AA0Ah 0x00000018 popad 0x00000019 push dword ptr fs:[00000000h] 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F45493BD408h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a call 00007F45493BD411h 0x0000003f mov edi, 09F01A72h 0x00000044 pop ebx 0x00000045 movzx edi, ax 0x00000048 mov dword ptr fs:[00000000h], esp 0x0000004f call 00007F45493BD40Eh 0x00000054 jmp 00007F45493BD40Ch 0x00000059 pop ebx 0x0000005a mov eax, dword ptr [ebp+122D0811h] 0x00000060 mov dword ptr [ebp+122D23EAh], ebx 0x00000066 push FFFFFFFFh 0x00000068 movsx edi, cx 0x0000006b nop 0x0000006c jmp 00007F45493BD419h 0x00000071 push eax 0x00000072 pushad 0x00000073 jbe 00007F45493BD40Ch 0x00000079 jl 00007F45493BD406h 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11107D3 second address: 11107D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112A40 second address: 1112A5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112A5B second address: 1112A62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6E49 second address: 10B6E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F45493BD406h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116ECA second address: 1116ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116ED1 second address: 1116EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45493BD40Bh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116EF0 second address: 1116F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jnl 00007F454889E286h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111730B second address: 1117317 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117317 second address: 111731D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111731D second address: 1117323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117323 second address: 1117329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117329 second address: 111733B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111733B second address: 111735A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F454889E28Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007F454889E286h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D65F second address: 111D665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D665 second address: 111D669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D669 second address: 111D692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jl 00007F45493BD410h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D7DE second address: 111D7F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D7F6 second address: 111D818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D818 second address: 111D81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D81D second address: 111D822 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121BCF second address: 1121BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E293h 0x00000007 jl 00007F454889E28Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121E9C second address: 1121EB9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD412h 0x00000008 pushad 0x00000009 jl 00007F45493BD406h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A1C second address: 10B8A28 instructions: 0x00000000 rdtsc 0x00000002 je 00007F454889E286h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A28 second address: 10B8A42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007F45493BD411h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260B3 second address: 11260C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260C2 second address: 11260C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260C8 second address: 11260DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Dh 0x00000007 js 00007F454889E292h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A88 second address: 10F3A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A8C second address: 10F3A92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A92 second address: 10F3B71 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F45493BD41Fh 0x00000008 jmp 00007F45493BD419h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebx 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F45493BD408h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a jmp 00007F45493BD414h 0x0000002f call 00007F45493BD40Eh 0x00000034 call 00007F45493BD40Bh 0x00000039 mov di, AEE6h 0x0000003d pop edx 0x0000003e pop edx 0x0000003f jng 00007F45493BD412h 0x00000045 je 00007F45493BD40Ch 0x0000004b xor edi, 2A846774h 0x00000051 push dword ptr fs:[00000000h] 0x00000058 mov dword ptr [ebp+122D38E4h], ebx 0x0000005e mov dword ptr fs:[00000000h], esp 0x00000065 mov edx, 2B47168Ah 0x0000006a mov dword ptr [ebp+12473692h], esp 0x00000070 mov ecx, ebx 0x00000072 cmp dword ptr [ebp+122D3B92h], 00000000h 0x00000079 jne 00007F45493BD4ABh 0x0000007f ja 00007F45493BD40Ah 0x00000085 mov di, 2600h 0x00000089 mov byte ptr [ebp+122D1C05h], 00000047h 0x00000090 movzx edi, ax 0x00000093 mov eax, D49AA7D2h 0x00000098 mov ecx, edx 0x0000009a nop 0x0000009b pushad 0x0000009c jc 00007F45493BD40Ch 0x000000a2 push eax 0x000000a3 push edx 0x000000a4 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F47FE second address: 10F4803 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4AD3 second address: 10F4AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F45493BD406h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D8B2D second address: 10D8B3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11263EC second address: 112640C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F45493BD418h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112640C second address: 1126410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126410 second address: 112641F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112641F second address: 112642E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112642E second address: 1126434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126560 second address: 1126565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126565 second address: 1126596 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007F45493BD406h 0x00000009 pop edx 0x0000000a jmp 00007F45493BD411h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jnp 00007F45493BD406h 0x0000001d popad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126596 second address: 112659F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126715 second address: 1126724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F45493BD408h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126724 second address: 112672A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112672A second address: 1126734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126734 second address: 1126738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126CFA second address: 1126CFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11289CD second address: 11289E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F454889E286h 0x0000000f jc 00007F454889E286h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FAF3 second address: 112FAF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B3827 second address: 10B383D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F454889E28Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E875 second address: 112E879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E879 second address: 112E8AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E298h 0x00000007 jmp 00007F454889E298h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8AD second address: 112E8B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8B2 second address: 112E8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8B8 second address: 112E8DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F45493BD406h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 jp 00007F45493BD406h 0x00000018 pop ecx 0x00000019 jnp 00007F45493BD40Ch 0x0000001f jg 00007F45493BD406h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112EE44 second address: 112EE48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F17F second address: 112F183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D1 second address: 112F2D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D5 second address: 112F2E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2E1 second address: 112F2E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11333D8 second address: 11333F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F45493BD410h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368B0 second address: 11368B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368B6 second address: 11368BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368BC second address: 11368DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F454889E293h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B513 second address: 113B519 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B519 second address: 113B525 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6CC second address: 113B6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6D4 second address: 113B6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6DC second address: 113B6E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45493BD406h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B841 second address: 113B845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B845 second address: 113B849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B849 second address: 113B84F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B84F second address: 113B858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B858 second address: 113B862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113C53E second address: 113C544 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F690 second address: 113F695 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F695 second address: 113F6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD40Dh 0x00000009 pop edx 0x0000000a jno 00007F45493BD415h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F45493BD411h 0x00000019 push eax 0x0000001a jmp 00007F45493BD40Fh 0x0000001f jl 00007F45493BD406h 0x00000025 pop eax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F6E8 second address: 113F6FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F454889E292h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F885 second address: 113F88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F33 second address: 1146F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F39 second address: 1146F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F3E second address: 1146F66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E296h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F454889E28Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F66 second address: 1146F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C116 second address: 114C11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3A1 second address: 114C3BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45493BD410h 0x0000000c jnl 00007F45493BD406h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3BE second address: 114C3CA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jg 00007F454889E286h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3CA second address: 114C3EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD416h 0x00000008 jne 00007F45493BD406h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3EB second address: 114C3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jp 00007F454889E286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3FB second address: 114C401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C522 second address: 114C526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4591 second address: 10F45AC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45493BD40Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e ja 00007F45493BD406h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C9BB second address: 114C9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB1D second address: 114CB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45493BD406h 0x0000000a jmp 00007F45493BD411h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB3A second address: 114CB4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F454889E286h 0x0000000d jo 00007F454889E286h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB4D second address: 114CB6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD418h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1150F61 second address: 1150F65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11510C2 second address: 11510D6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD406h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F45493BD41Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11510D6 second address: 11510FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F454889E28Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F454889E294h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1151527 second address: 115154F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F45493BD40Dh 0x00000013 jmp 00007F45493BD40Ch 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DE8 second address: 1157DEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DEE second address: 1157DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DF4 second address: 1157DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115841B second address: 115842D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F45493BD40Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115872C second address: 1158736 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1158736 second address: 115873B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589CB second address: 11589D5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F454889E28Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589D5 second address: 11589F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F45493BD40Ch 0x00000014 jg 00007F45493BD406h 0x0000001a push eax 0x0000001b push edx 0x0000001c je 00007F45493BD406h 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589F9 second address: 11589FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E0C4 second address: 115E0D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E0D1 second address: 115E0D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D241 second address: 115D26C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Fh 0x00000007 jno 00007F45493BD406h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F45493BD40Ch 0x00000015 jl 00007F45493BD406h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D26C second address: 115D29A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F454889E296h 0x00000009 jmp 00007F454889E292h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D29A second address: 115D2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D2A3 second address: 115D2A8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D409 second address: 115D418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 jg 00007F45493BD40Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D695 second address: 115D69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D69B second address: 115D6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F45493BD40Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D831 second address: 115D840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F454889E286h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9BD second address: 115D9CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9CA second address: 115D9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F454889E286h 0x0000000a popad 0x0000000b jmp 00007F454889E28Ch 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9E7 second address: 115D9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9EB second address: 115DA1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d jmp 00007F454889E299h 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115DB90 second address: 115DBB4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jmp 00007F45493BD413h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116912D second address: 1169133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169133 second address: 1169137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169137 second address: 1169148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169148 second address: 116917F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F45493BD418h 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F45493BD406h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169532 second address: 1169536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169685 second address: 1169698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F45493BD406h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F45493BD406h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169698 second address: 116969C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116969C second address: 11696A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169D38 second address: 1169D3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169EC6 second address: 1169F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F45493BD40Eh 0x0000000b jbe 00007F45493BD406h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD415h 0x0000001b jmp 00007F45493BD415h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CC7 second address: 1168CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CCB second address: 1168CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CD1 second address: 1168CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CD7 second address: 1168CF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD414h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F45493BD412h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CF9 second address: 1168CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CFF second address: 1168D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jp 00007F45493BD406h 0x0000000b jmp 00007F45493BD417h 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168D22 second address: 1168D39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F454889E292h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116E9AA second address: 116E9C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD413h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173495 second address: 11734B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E298h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11734B1 second address: 11734DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 js 00007F45493BD406h 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F45493BD418h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173166 second address: 117316C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117316C second address: 1173191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45493BD40Ch 0x0000000f jl 00007F45493BD406h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173191 second address: 11731AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 js 00007F454889E286h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F454889E28Bh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11731AD second address: 11731B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118497A second address: 118498E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F454889E28Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11843FD second address: 1184403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184403 second address: 1184407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184407 second address: 118440B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118440B second address: 1184456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F454889E295h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F454889E28Eh 0x00000014 js 00007F454889E29Fh 0x0000001a jmp 00007F454889E297h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186BA8 second address: 1186BB1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186872 second address: 1186888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F454889E28Ah 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186888 second address: 1186890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186890 second address: 11868BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F454889E28Fh 0x0000000f jmp 00007F454889E28Ah 0x00000014 jno 00007F454889E286h 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868BF second address: 11868C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868C8 second address: 11868CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868CC second address: 11868E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD419h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188388 second address: 118838E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118838E second address: 11883C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45493BD416h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11883C2 second address: 11883C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11883C6 second address: 11883CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118D084 second address: 118D088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FE0E second address: 118FE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195DF2 second address: 1195DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195DF6 second address: 1195DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA20 second address: 119CA24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA24 second address: 119CA2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA2A second address: 119CA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F454889E286h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCE3 second address: 119CCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD411h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCF9 second address: 119CCFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCFE second address: 119CD1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CD1F second address: 119CD61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a jnc 00007F454889E286h 0x00000010 popad 0x00000011 jmp 00007F454889E297h 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F454889E286h 0x0000001e jmp 00007F454889E292h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE7E second address: 119DE9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE9B second address: 119DEB9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007F454889E28Bh 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A2BC0 second address: 11A2BDE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45493BD410h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B5E second address: 11B6B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F454889E297h 0x0000000f jns 00007F454889E286h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B85 second address: 11B6B9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD411h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B9A second address: 11B6BB1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F454889E288h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jng 00007F454889E286h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BB1 second address: 11B6BBF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BBF second address: 11B6BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BC5 second address: 11B6BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BC9 second address: 11B6BE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E290h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BE3 second address: 11B6BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD415h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8724 second address: 11B872A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0804 second address: 11E080E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E080E second address: 11E0838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F454889E2B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F454889E28Ah 0x00000015 jmp 00007F454889E290h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0838 second address: 11E0842 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0842 second address: 11E0846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5A89 second address: 11E5A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5A8F second address: 11E5B05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e je 00007F454889E288h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 nop 0x00000018 mov edx, dword ptr [ebp+122D3847h] 0x0000001e push 00000004h 0x00000020 movzx edx, cx 0x00000023 call 00007F454889E289h 0x00000028 pushad 0x00000029 jmp 00007F454889E291h 0x0000002e jmp 00007F454889E294h 0x00000033 popad 0x00000034 push eax 0x00000035 jmp 00007F454889E299h 0x0000003a mov eax, dword ptr [esp+04h] 0x0000003e push ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 push edx 0x00000042 pop edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5B05 second address: 11E5B2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jno 00007F45493BD406h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5B2A second address: 11E5B30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E780F second address: 11E7820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7325 second address: 11E733E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F454889E286h 0x00000008 ja 00007F454889E286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jbe 00007F454889E286h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9499 second address: 11E94B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F45493BD412h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B4B second address: 4B10B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B4F second address: 4B10B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B53 second address: 4B10B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B59 second address: 4B10B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B5E second address: 4B10BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F454889E290h 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jns 00007F454889E2F6h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F454889E297h 0x0000001a sbb ecx, 47E3D38Eh 0x00000020 jmp 00007F454889E299h 0x00000025 popfd 0x00000026 jmp 00007F454889E290h 0x0000002b popad 0x0000002c add eax, ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10BCE second address: 4B10BD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10BD4 second address: 4B10C63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E294h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f jmp 00007F454889E290h 0x00000014 test eax, eax 0x00000016 pushad 0x00000017 call 00007F454889E28Eh 0x0000001c call 00007F454889E292h 0x00000021 pop ecx 0x00000022 pop ebx 0x00000023 call 00007F454889E290h 0x00000028 mov ax, FA41h 0x0000002c pop ecx 0x0000002d popad 0x0000002e je 00007F45BA6C43A8h 0x00000034 jmp 00007F454889E28Dh 0x00000039 test byte ptr [eax+04h], 00000005h 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F454889E28Dh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F921C second address: 10F922A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F45493BD40Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F53E3A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10EB56C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10EB810 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1112AB0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10F3B3D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1175650 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 2268	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2912	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2165405758.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166127943.0000000000AAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166053911.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2165947325.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F35BB0 LdrInitializeThunk,

0_2_00F35BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: aProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	39%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
sergei-esenin.com	unknown	unknown	false	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
studennotediw.store	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
eaglepawnoy.store	true	unknown
bathdoomgaz.store	true	unknown
clearancek.site	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://player.vimeo.com	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://eaglepawnoy.store:443/apiS	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://licendfilteo.site:443/api	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/t	file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com:443/api	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;	file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bathdoomgaz.store:443/apiz	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8d	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site:443/api	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://studennotediw.store:443/api	file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.cloudflare.s	file.exe, 00000000.00000002.2166053911.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542212
Start date and time:	2024-10-25 16:47:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
10:48:30	API Interceptor	4x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ldr_clp.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	Instruction_1928.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	ldr_clp.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	3rd_cc_form_Oct_2024.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	9FvJxhtNOD.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ldr_clp.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	Instruction_1928.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	ldr_clp.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	3rd_cc_form_Oct_2024.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://developmentltd.online/	Get hash	malicious	Captcha Phish	Browse	2.19.126.219
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://docs.google.com/drawings/d/16aLMbL32wnhWFCR-cOQsVjZ_IjkqNuDyBIYT5G0hJjI/preview?pli=1M6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67n	Get hash	malicious	HTMLPhisher	Browse	23.38.98.97
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	setupbatterycare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ldr_clp.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	Instruction_1928.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	Agreement for YouTube cooperation.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	ldr_clp.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	3rd_cc_form_Oct_2024.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.547270972266092
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'931'712 bytes
MD5:	f031a66d5204065098bbc0f49e926344
SHA1:	e695a8f3461113fb2e8078f95545d4b1c014a63a
SHA256:	8e51964eeb20bc96f08331b69264cb9c6a341ef7dff93ed81e4576824f599c33
SHA512:	82c149f7db348d7df585f49ad47bc11651244e6531456faa5d0ee2be9c9d8c57640615757ddb5e83e2912cde2c0b53172607bc302d31b1885015c52f94c12d7a
SSDEEP:	49152:3ycOr4ZhnPAVwsr+KZ7Gp4GPJfPcJW/GotD5lY6/yXq:ic5Zhn4Vw7O7eTFcUGotDHx/
TLSH:	10D54B51B94A72CBC48A1B7C653BCE825D5E43F92F1428C3AC5DE0B96D63CC535BAC28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................@0...........@..........................p0......}-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x704000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F45487A7C4Ah
setp byte ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F45487A9C45h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	eb45baec41c62dcc3ac9a48f3c4138f5	False	0.9996261344884488	data	7.984920165696558	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
yzbnnslb	0x60000	0x2a3000	0x2a2600	198eaa930f64d783b7628480f1222451	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jnfhazfa	0x303000	0x1000	0x400	f41ea04fc1d2a7f9fccb60fc931b390b	False	0.8232421875	data	6.273592489513518	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x304000	0x3000	0x2200	98c2ca653011354b9578dc331040fe97	False	0.05652573529411765	DOS executable (COM)	0.7021128247880702	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T16:48:31.628355+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.6	54980	1.1.1.1	53	UDP
2024-10-25T16:48:31.643072+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.6	57079	1.1.1.1	53	UDP
2024-10-25T16:48:31.654575+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.6	49256	1.1.1.1	53	UDP
2024-10-25T16:48:31.668445+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.6	57086	1.1.1.1	53	UDP
2024-10-25T16:48:31.690268+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.6	51083	1.1.1.1	53	UDP
2024-10-25T16:48:31.712686+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.6	53835	1.1.1.1	53	UDP
2024-10-25T16:48:32.006617+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.6	58614	1.1.1.1	53	UDP
2024-10-25T16:48:32.029664+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.6	65256	1.1.1.1	53	UDP
2024-10-25T16:48:33.665259+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49710	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 16:48:32.085983992 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:32.086061001 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:32.086252928 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:32.121417046 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:32.121465921 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.005716085 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.005929947 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.009977102 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.009996891 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.010314941 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.059267998 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.064603090 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.107342005 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665333033 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665358067 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665390968 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665414095 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665432930 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665534019 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.665544987 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.665590048 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.665611982 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.790026903 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.790052891 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.790158033 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.790172100 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.790216923 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.790232897 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.790283918 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.790287971 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.790327072 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.790344954 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.790390968 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.792510033 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.792529106 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 16:48:33.792538881 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 16:48:33.792543888 CEST	443	49710	104.102.49.254	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 16:48:31.628355026 CEST	54980	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:31.638720036 CEST	53	54980	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:31.643071890 CEST	57079	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:31.652606010 CEST	53	57079	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:31.654575109 CEST	49256	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:31.663978100 CEST	53	49256	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:31.668445110 CEST	57086	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:31.679173946 CEST	53	57086	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:31.690268040 CEST	51083	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:31.700205088 CEST	53	51083	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:31.712686062 CEST	53835	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:32.002490997 CEST	53	53835	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:32.006617069 CEST	58614	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:32.016015053 CEST	53	58614	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:32.029664040 CEST	65256	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:32.039948940 CEST	53	65256	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:32.062340975 CEST	60897	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:32.070322990 CEST	53	60897	1.1.1.1	192.168.2.6
Oct 25, 2024 16:48:33.803566933 CEST	61413	53	192.168.2.6	1.1.1.1
Oct 25, 2024 16:48:33.813601971 CEST	53	61413	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 16:48:31.628355026 CEST	192.168.2.6	1.1.1.1	0x77ed	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.643071890 CEST	192.168.2.6	1.1.1.1	0x6217	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.654575109 CEST	192.168.2.6	1.1.1.1	0x578b	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.668445110 CEST	192.168.2.6	1.1.1.1	0x40a0	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.690268040 CEST	192.168.2.6	1.1.1.1	0x3a11	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.712686062 CEST	192.168.2.6	1.1.1.1	0x9eb3	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.006617069 CEST	192.168.2.6	1.1.1.1	0x49ec	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.029664040 CEST	192.168.2.6	1.1.1.1	0x62d9	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.062340975 CEST	192.168.2.6	1.1.1.1	0x5fa	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:33.803566933 CEST	192.168.2.6	1.1.1.1	0x8cff	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 16:48:31.638720036 CEST	1.1.1.1	192.168.2.6	0x77ed	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.652606010 CEST	1.1.1.1	192.168.2.6	0x6217	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.663978100 CEST	1.1.1.1	192.168.2.6	0x578b	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.679173946 CEST	1.1.1.1	192.168.2.6	0x40a0	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:31.700205088 CEST	1.1.1.1	192.168.2.6	0x3a11	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.002490997 CEST	1.1.1.1	192.168.2.6	0x9eb3	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.016015053 CEST	1.1.1.1	192.168.2.6	0x49ec	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.039948940 CEST	1.1.1.1	192.168.2.6	0x62d9	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:32.070322990 CEST	1.1.1.1	192.168.2.6	0x5fa	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 25, 2024 16:48:33.813601971 CEST	1.1.1.1	192.168.2.6	0x8cff	Name error (3)	sergei-esenin.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	104.102.49.254	443	2720	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-25 14:48:33 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-25 14:48:33 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 25 Oct 2024 14:48:33 GMT Content-Length: 35741 Connection: close Set-Cookie: sessionid=d53cd9724c17ac1a847cad24; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=None
2024-10-25 14:48:33 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-25 14:48:33 UTC	16384	IN	Data Raw: 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 64 69 73 63 75 73 73 69 6f 6e 73 2f 22 3e 0d 0a 09 09 09 09 09 09 44 69 73 63 75 73 73 69 6f 6e 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 77 6f 72 6b 73 68 6f 70 2f 22 3e 0d 0a 09 09 09 09 09 09 57 6f 72 6b 73 68 6f 70 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 Data Ascii: <a class="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="submenuit
2024-10-25 14:48:33 UTC	3768	IN	Data Raw: 63 31 63 64 66 65 62 5f 66 75 6c 6c 2e 6a 70 67 22 3e 0d 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 22 3e 0d 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 5f 62 61 64 67 65 5f 61 72 65 61 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 Data Ascii: c1cdfeb_full.jpg"></div></div><div class="profile_header_badgeinfo"><div class="profile_header_badgeinfo_badge_area"><a data-panel="{"focusable":true,"clickOnActivate":true}" class="pe
2024-10-25 14:48:33 UTC	1122	IN	Data Raw: 70 72 6f 70 65 72 74 79 20 6f 66 20 74 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 Data Ascii: property of their respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.

Target ID:	0
Start time:	10:48:29
Start date:	25/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xef0000
File size:	2'931'712 bytes
MD5 hash:	F031A66D5204065098BBC0F49E926344
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	60%
Total number of Nodes:	55
Total number of Limit Nodes:	6

Executed Functions

Function 00F350FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00F35182

Strings

@^, xrefs: 00F35120
<I$), xrefs: 00F35198
<I$), xrefs: 00F352E3

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 745974a47322c1bf135ad0c4036340a1ff828cf24d808fcd79d2c290717d247c
Instruction ID: f03f5efd09b7b4ab795f48af2680965554a084027186cedf0509a54a8e0d0b7b
Opcode Fuzzy Hash: 745974a47322c1bf135ad0c4036340a1ff828cf24d808fcd79d2c290717d247c
Instruction Fuzzy Hash: F321AE395083888FC300DF68D88172AB7E4ABAA710F69882CE5C5D7362D736D915DB56

Function 00EFFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 00EFFEDC
t, xrefs: 00EFFCBE
VY^_, xrefs: 00EFFDFF
J|BJ, xrefs: 00F0000D

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 08619c00750d9b597397f154725cb42c567e0372284605d5960131c6080d6d4c
Instruction ID: 97704e04feb1d885eee5737874efa0a45bf2046c0b724fec432dd4a04c27b4f0
Opcode Fuzzy Hash: 08619c00750d9b597397f154725cb42c567e0372284605d5960131c6080d6d4c
Instruction Fuzzy Hash: FAD1787560C3809BD310DF14949472FBBE1AF96748F18882CF9C99B292C736DD49EB92

Function 00EFD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00EFD2F0

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 2ef6c301153fbcffd83bb0fd1aeef437faef0bd18ec8bcdceeae640c487d6d50
Instruction ID: 9bad9b8d5e8d073b8f5269c4aab762e7a21e4c143da94df4ad1f947729e7f131
Opcode Fuzzy Hash: 2ef6c301153fbcffd83bb0fd1aeef437faef0bd18ec8bcdceeae640c487d6d50
Instruction Fuzzy Hash: D041467040D344ABD301BB64D945A2EFFE6EF52749F04AC0CE6C4A7262C339D814ABA7

Function 00F35700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00F35784

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 91f5d3e97a615e191b54d871bd0204f602b0331b7b9470ff7195683e37e59cbc
Instruction ID: 1c7b0258a6b769bb62052b2aa235f26fd5c4b6f8f24d4c72d06b3e2d79313be6
Opcode Fuzzy Hash: 91f5d3e97a615e191b54d871bd0204f602b0331b7b9470ff7195683e37e59cbc
Instruction Fuzzy Hash: 7711707591C240EBC301AF28EC45A1FBBF5AF96B20F158828E8C49B211D339D915EB97

Function 00F35BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00F3973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00F35BDE

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00F3695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00F369C5

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 31bdb1026d91b1231a30e34bec486b99f200bcff64a9be94562171812b904e88
Instruction ID: f762401be079789b520b31d843ea8e06a74c504b825d19892403316f0943ff4a
Opcode Fuzzy Hash: 31bdb1026d91b1231a30e34bec486b99f200bcff64a9be94562171812b904e88
Instruction Fuzzy Hash: 6531ACB1908305AFDB14EF14C89072ABBF1FF95364F04881CE9C6D7261E3389904EB56

Function 00F0049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf707319ea96f05a1784848880aad8641d92a78ce5c7782c0cfb839814a86e9a
Instruction ID: 5cc652ca0f06e896d120d9069f66ef6501e44635dbe5092766b2d15221d37a99
Opcode Fuzzy Hash: cf707319ea96f05a1784848880aad8641d92a78ce5c7782c0cfb839814a86e9a
Instruction Fuzzy Hash: 8B915B75600B04CFD728CF25D894B26B7F6FF89314F118A6CE8568B6A1DB30E819EB50

Function 00F00228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeefcc42784c96d8bb979561872adc462a3b7932a0e47ce5f844d0f1d069f915
Instruction ID: d73307a19c03934065c628b6110fb146e486212e8b146a01d32a9c556ead83c7
Opcode Fuzzy Hash: aeefcc42784c96d8bb979561872adc462a3b7932a0e47ce5f844d0f1d069f915
Instruction Fuzzy Hash: D1717C75600705DFD724CF24DC94B26B7F6FF4A314F10896CE8568B6A2DB31A819EB60

Function 00F399D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2a655235ddeaaf9931c3e7f6ed01cc1068e9fb190f13b15084715b305b77b7
Instruction ID: 2c175f494f452d331734128afc09ed61ce0866bcfc58a9bb8df348957a783414
Opcode Fuzzy Hash: 8f2a655235ddeaaf9931c3e7f6ed01cc1068e9fb190f13b15084715b305b77b7
Instruction Fuzzy Hash: 5F419F3460C304ABDB14AA15D890B2BFBE5EBC5B34F14892CF5C997251D3B9E901EB62

Function 00F363B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a992c985ee70fea253c9978a930753ec3ade362d131dc498d44e4036ca41d9ec
Instruction ID: bd9e9b228cf3bd7a65e8e41bad6b4a9025048b72a9eb40c1a934bb676165b9e2
Opcode Fuzzy Hash: a992c985ee70fea253c9978a930753ec3ade362d131dc498d44e4036ca41d9ec
Instruction Fuzzy Hash: 1831E474A49301BBDA24DB04CD82F3AB7A6FB91B31F64851CF5C19B2E1D370A811AB56

Function 00F00EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258db40424f04b7a25d65ceccde515b0f10f96379e74198c709ee7dea02b9f4b
Instruction ID: b9fe138a4085c14fb08ece7b98ea00e922dbd02d9bdcced7e1420a0535277d48
Opcode Fuzzy Hash: 258db40424f04b7a25d65ceccde515b0f10f96379e74198c709ee7dea02b9f4b
Instruction Fuzzy Hash: A4213CB4D0021A9FDB15CF94CC90BBEBBB2FB46305F144809E411BB291C735A901EB64

Function 00F33220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00F332A6

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: e10b3d25d1a68f4f886f17481843d31853f41100a40cb25db97afa214ea3f041
Instruction ID: ad8adbc5e0c89458ead4fe50db45e19749cda938a04e978d541f14efc9e826f4
Opcode Fuzzy Hash: e10b3d25d1a68f4f886f17481843d31853f41100a40cb25db97afa214ea3f041
Instruction Fuzzy Hash: D2016D3450D2409BC701EF18E845A1ABBE8EF5AB10F054C1CE5C58B361D339DD60EB92

Function 00F33202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00F33208

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1242cb04b67eadf6d14be1aaa21d22f09466ede3aaac97e5fb7ae2217315c01f
Instruction ID: c62852977a6875fb0864f462ec3d2dc67fd22ca3422ad43e24a546710eef5d99
Opcode Fuzzy Hash: 1242cb04b67eadf6d14be1aaa21d22f09466ede3aaac97e5fb7ae2217315c01f
Instruction Fuzzy Hash: F9B012340400005FDA041B00EC0AF003510EB10605F800050A500040B1D1655864D554

Non-executed Functions

Function 00F223E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

{l`~, xrefs: 00F2268C
Cx, xrefs: 00F2453D
fedc, xrefs: 00F22782
mlc@, xrefs: 00F2275C
|}&C, xrefs: 00F22F21
aenQ, xrefs: 00F2276A
3<, xrefs: 00F232D6
f@~!, xrefs: 00F225FF
%*+(, xrefs: 00F240EF
:, xrefs: 00F232DD
#v, xrefs: 00F2344B, 00F24861
ggxz, xrefs: 00F22685
`tii, xrefs: 00F22693

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
API String ID: 0-2260822535
Opcode ID: 6eac12310a673c863c5e59d6fc75a407c1d8c3e70ed43af86a5170c53885b2ae
Instruction ID: 3575159236542b306c66c265996433c9b75242d4b76a97e5e7e5dacacbdd2e10
Opcode Fuzzy Hash: 6eac12310a673c863c5e59d6fc75a407c1d8c3e70ed43af86a5170c53885b2ae
Instruction Fuzzy Hash: A733EEB0504B918FD7658F38D590762BBE1BF16304F58499DE4DA8BB82C339F806DBA1

Function 00F0DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

dcba, xrefs: 00F0E728
LKJI, xrefs: 00F0E6E6
`onm, xrefs: 00F0E733
tsrq, xrefs: 00F0E6FC
<=:;, xrefs: 00F0E930
<=2, xrefs: 00F0EA01
:WUE, xrefs: 00F0F6B7, 00F0F6C6
D, xrefs: 00F0E846
89&', xrefs: 00F0E93B
89>?, xrefs: 00F0E9F6
lkji, xrefs: 00F0E73E
QNOL, xrefs: 00F0E775
xgfe, xrefs: 00F0E71D
@ONM, xrefs: 00F0E6DB
%*+(, xrefs: 00F0DE37, 00F0DE46
|, xrefs: 00F0ECB1
T, xrefs: 00F0F157
WP, xrefs: 00F0DCEF
`Y^_, xrefs: 00F0E99E
tuJK, xrefs: 00F0E967
DCBA, xrefs: 00F0E887, 00F0E896
mjkh, xrefs: 00F0E7D8
()./, xrefs: 00F0E9CA
AR, xrefs: 00F0DD10

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 4877631e6a8071ea3af8e794a19ac1f42cae674b01b94b53bdedf010b55abf4f
Instruction ID: 4638ce406642b1ffeea3bf76d9b8e07a1f5abe9f4546185c6d8ab60cc15024e7
Opcode Fuzzy Hash: 4877631e6a8071ea3af8e794a19ac1f42cae674b01b94b53bdedf010b55abf4f
Instruction Fuzzy Hash: 27F28AB55093819BD770CF14C884BABBBE2BFD5314F144C2CE4C98B292D7359988EB92

Function 00F19F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

JG, xrefs: 00F1AA27
hi, xrefs: 00F1AB9D
CG, xrefs: 00F1AA32
_Y, xrefs: 00F1A641
sm, xrefs: 00F1A830
kW, xrefs: 00F1A380
=], xrefs: 00F1A36A
N[, xrefs: 00F1A375
(a*c, xrefs: 00F1A147
Gt, xrefs: 00F19FF8
?m,o, xrefs: 00F1A13C
S], xrefs: 00F1A636
]{, xrefs: 00F1A1E7, 00F1A1F3
/), xrefs: 00F1A66D
WQ, xrefs: 00F1A62B
WH, xrefs: 00F1AA1C
%e6g, xrefs: 00F1A152

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: d74e35ecc8a280b26ea5b97864bea01f9eaddccab7146c73e6ef1af76f975a83
Instruction ID: 68a5bb85ba94360fb87ef183d6305f431a996e8d7b372492f9c96af173d26a8b
Opcode Fuzzy Hash: d74e35ecc8a280b26ea5b97864bea01f9eaddccab7146c73e6ef1af76f975a83
Instruction Fuzzy Hash: FE52C7B844D385CAE270CF25D581B8EBAF1BB92740F608A1DE5ED9B255DB708085CF93

Function 00F19510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

2A"_, xrefs: 00F19980
B7U1, xrefs: 00F19AFB
B?Q9, xrefs: 00F19B0B
T#a-, xrefs: 00F19AE3
G'M!, xrefs: 00F19ADB
,A&C, xrefs: 00F1982E
z=Q?, xrefs: 00F19826
8;, xrefs: 00F19B13
G+X5, xrefs: 00F19AF3
;IJK, xrefs: 00F1983E
L3Y=, xrefs: 00F19B03
!E4G, xrefs: 00F19836
O+f), xrefs: 00F19634, 00F1963D
pq, xrefs: 00F199E0
X/R), xrefs: 00F19AEB
?M0K, xrefs: 00F19968

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 5131f6a0e981ff040db793ee5250239ff87870c068c362c99652520bdc418b97
Instruction ID: 7a08f183b900d8e4776e72587ba2c53d48898720bf6ee4d550beb82a3d7b2f66
Opcode Fuzzy Hash: 5131f6a0e981ff040db793ee5250239ff87870c068c362c99652520bdc418b97
Instruction Fuzzy Hash: 6AF16FB4408384ABD300DF15D890A6BBBF4FB8AB48F540D1CF9D59B252D374D948EBA6

Function 00F1DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

hX]N, xrefs: 00F1DDC7
,Q?S, xrefs: 00F1E26F
<Y.[, xrefs: 00F1E27D
%*+(, xrefs: 00F1E143
upH}, xrefs: 00F1DE8A, 00F1E798, 00F1DF4A
)IgK, xrefs: 00F1E261
=]+_, xrefs: 00F1E276
Y9N;, xrefs: 00F1E245
{E, xrefs: 00F1E323
n\+H, xrefs: 00F1DDC0
-M2O, xrefs: 00F1E25A

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 0139518610e9fe38e58be6bc917e7195245f7afb5e1e709732c90074ba28ca06
Instruction ID: 941d959089170c03d395280654d92adfb58f7b2484848b0f29471487a5718345
Opcode Fuzzy Hash: 0139518610e9fe38e58be6bc917e7195245f7afb5e1e709732c90074ba28ca06
Instruction Fuzzy Hash: F4921775E00219CFDB04CF68D8517AEBBB2FF5A320F294168E852AB391D735AD41DB90

Function 010BC4DA Relevance: 13.0, Strings: 9, Instructions: 1729COMMON

Download Yara Rule

Strings

6v}, xrefs: 010BCDBD
5}8, xrefs: 010BCB78
1xo, xrefs: 010BCFB9
?7p|, xrefs: 010BD520
70>{, xrefs: 010BD382
?7p|, xrefs: 010BD535
lg#, xrefs: 010BD7E2
30>{, xrefs: 010BD37C
], xrefs: 010BC666

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 1xo$30>{$5}8$6v}$70>{$?7p|$?7p|$lg#$]
API String ID: 0-2739335492
Opcode ID: 8939b6b7298454cda6f89870666e7b0557c74d6e79fb40ab43fc46fbce242582
Instruction ID: 4935ba8dd56d53eaaa48a3af2906a5e6e93223cfd2420e4e0ecbb5d0c5c5951d
Opcode Fuzzy Hash: 8939b6b7298454cda6f89870666e7b0557c74d6e79fb40ab43fc46fbce242582
Instruction Fuzzy Hash: 4BB239F3A0C2049FE304AE2DEC8567ABBDAEFD4360F1A853DE6C4C3744E97558058696

Function 00F1098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

&> &, xrefs: 00F10F89
cah`, xrefs: 00F1107E
qrqp, xrefs: 00F11089
%*+(, xrefs: 00F10A77, 00F10A86
,#15, xrefs: 00F10F94
gce/, xrefs: 00F11073
{, xrefs: 00F11502
9.5^, xrefs: 00F10F9F

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 8699bda252ec60b6210201624439eb139877cf95938f634786da73914cdfbf52
Instruction ID: 7c3b99e232b32dab757713da740bc2f497ce5be0cd88d84e6f9d1ebf9125c8a7
Opcode Fuzzy Hash: 8699bda252ec60b6210201624439eb139877cf95938f634786da73914cdfbf52
Instruction Fuzzy Hash: 4062CAB5A083858BD330CF14D891BABBBE1FF96314F08492DE49A8B641E7759880DF53

Function 00EF1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

@, xrefs: 00EF2C40
gfff, xrefs: 00EF2297
gfff, xrefs: 00EF22E1
-, xrefs: 00EF21ED
gfff, xrefs: 00EF2226
0123456789ABCDEFXP, xrefs: 00EF157D, 00EF15EB
0123456789abcdefxp, xrefs: 00EF1587, 00EF15F8

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: a498a604f4cf5bae7f38ccae331b16188220c6a6a0e9f702de551709631f34ed
Instruction ID: fd29015bbbc06809cf44ddc658ecb9d7491c0a6e96b39eaaf119d3c2e5e9a7bb
Opcode Fuzzy Hash: a498a604f4cf5bae7f38ccae331b16188220c6a6a0e9f702de551709631f34ed
Instruction Fuzzy Hash: 85D213716083498FD718CE28C49037ABBE2AFC5318F189A6DE699E7391D734DD45CB82

Function 010B21E1 Relevance: 10.4, Strings: 7, Instructions: 1623COMMON

Download Yara Rule

Strings

S~;, xrefs: 010B3454
wa, xrefs: 010B31BB
Mz, xrefs: 010B2860
e[K, xrefs: 010B3086
!x@, xrefs: 010B319D
G~, xrefs: 010B2715
~&Wq, xrefs: 010B2901

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: !x@$G~$Mz$S~;$wa$~&Wq$e[K
API String ID: 0-3855083731
Opcode ID: 4e4e6a3b7546941ec9a3c6bcf47fff24b3e96816310175a651eeb14475e36184
Instruction ID: f88956f8f62934de535e3cc390b4d902175b79f251329e9e35542a685b6ac793
Opcode Fuzzy Hash: 4e4e6a3b7546941ec9a3c6bcf47fff24b3e96816310175a651eeb14475e36184
Instruction Fuzzy Hash: 97B207F3A082049FE3046E2DDC8567AFBE9EF94720F1A4A3DE6C4C7744E63598058696

Function 010B5858 Relevance: 10.4, Strings: 7, Instructions: 1602COMMON

Download Yara Rule

Strings

DA;f, xrefs: 010B67EF
.}~, xrefs: 010B681A
j(`, xrefs: 010B67E9
+E, xrefs: 010B626D
X~/, xrefs: 010B5BD7
gJ~t, xrefs: 010B5D4A
DZg, xrefs: 010B66ED

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: +E$.}~$DA;f$DZg$X~/$gJ~t$j(`
API String ID: 0-2095693618
Opcode ID: 90e206372ee328a8b1ee59b97d9fb06ff4bc80af94a02ca0ebe53bde4f6b5ff8
Instruction ID: a3af75c345f7e513f76e59c252aa0240727d02a3d7abc8914f1fc1a62021baa1
Opcode Fuzzy Hash: 90e206372ee328a8b1ee59b97d9fb06ff4bc80af94a02ca0ebe53bde4f6b5ff8
Instruction Fuzzy Hash: 9CB2F8F360C2049FE304AE2DEC8567AFBE9EF94720F1A893DE6C4C7744E63558058696

Function 010AECA7 Relevance: 9.1, Strings: 6, Instructions: 1643COMMON

Download Yara Rule

Strings

jz_, xrefs: 010AFAE3
P^, xrefs: 010AF5BD
ZAo, xrefs: 010AF5DE
8oxL, xrefs: 010AF051
Y?o, xrefs: 010AFEEB
(w?, xrefs: 010AF798

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: (w?$8oxL$ZAo$jz_$P^$Y?o
API String ID: 0-2192824020
Opcode ID: f122466b3aac959ae89decaeb374261434a93dd779adc509fa32d8ed1caf808a
Instruction ID: 04c375514ff1df2c64b21263d74876f49cce75520084d91bb69a7b32aac4d6b3
Opcode Fuzzy Hash: f122466b3aac959ae89decaeb374261434a93dd779adc509fa32d8ed1caf808a
Instruction Fuzzy Hash: D6B218F3A082049FE304AE2DEC8567AF7E5EF94320F16493DEAC5C3744EA3598058697

Function 010BAA65 Relevance: 9.1, Strings: 6, Instructions: 1599COMMON

Download Yara Rule

Strings

)FE, xrefs: 010BAEF2
J, xrefs: 010BAB87
aR4, xrefs: 010BB297
q!_W, xrefs: 010BAC50
8[f, xrefs: 010BBD37
TG_, xrefs: 010BB40E

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: J$)FE$8[f$TG_$aR4$q!_W
API String ID: 0-2008518622
Opcode ID: c6eb3869f7a1b697d6a38217b557eed92f9f86e43f6a11c1cf2027a5eca247ca
Instruction ID: 678e822babaf293cf24346335490c2b1fdaf145d2268a9bcb0c1aa0bbe99646c
Opcode Fuzzy Hash: c6eb3869f7a1b697d6a38217b557eed92f9f86e43f6a11c1cf2027a5eca247ca
Instruction Fuzzy Hash: B6B20BF3A082009FE314AE2DEC8567ABBE9EFD4720F16493DE6C4C7744E63598058796

Function 00EF12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

@, xrefs: 00EF3531
i, xrefs: 00EF28EA
0, xrefs: 00EF243E
0, xrefs: 00EF1E88
0, xrefs: 00EF1DC1

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: b38b907964498b4f6e8cee634564c1613c6ddc32cbc38ec862acbbecac7272cd
Instruction ID: 3301524b70168447bf09b21bda525b12761c4ae25552c361c045c0f6e5110f55
Opcode Fuzzy Hash: b38b907964498b4f6e8cee634564c1613c6ddc32cbc38ec862acbbecac7272cd
Instruction Fuzzy Hash: 1F62E47160C3898BC318CF28C49037ABBE1AFD5308F189A5DEAD9A7291D775DD49CB42

Function 00EF164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00EF1F57
+, xrefs: 00EF1573
0123456789ABCDEFXP, xrefs: 00EF164F
0123456789abcdefxp, xrefs: 00EF1659
gfff, xrefs: 00EF1F3C

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 7c6ea8ebb88abccff8b911f027370a2a6c26ce2eae47d0e54406a61c26bbe8a0
Instruction ID: 8576e44c0cce4e5e3f9da5c36aaba7f7cac9a31b0da4e9ee6bfae119f5de876f
Opcode Fuzzy Hash: 7c6ea8ebb88abccff8b911f027370a2a6c26ce2eae47d0e54406a61c26bbe8a0
Instruction Fuzzy Hash: 00F1B13160C3858FC719CE28C48426AFBE2AFD9308F18DA6DE6D997352D774D944CB92

Function 00EF13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

-, xrefs: 00EF1F23
gfff, xrefs: 00EF1F57
0123456789ABCDEFXP, xrefs: 00EF13A3
0123456789abcdefxp, xrefs: 00EF13AD
gfff, xrefs: 00EF1F3C

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: e8c2bc1366b2b3e63873bbac4b0739f23ecd37619a94022b58ebf5ca74c5ad09
Instruction ID: 8cb388bfac2784d8bf930cf98eb50922bcfa3a1670a87265eecd880a7c71b671
Opcode Fuzzy Hash: e8c2bc1366b2b3e63873bbac4b0739f23ecd37619a94022b58ebf5ca74c5ad09
Instruction Fuzzy Hash: 93D1BF3160C7858FC719CE29C48026AFBE2AFD9308F08DA6DE6D997352D334D949CB52

Function 010B3C4B Relevance: 6.6, Strings: 4, Instructions: 1598COMMON

Download Yara Rule

Strings

;`}/, xrefs: 010B4540
r\!G, xrefs: 010B45E5
rr3, xrefs: 010B506A
[);, xrefs: 010B498C

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: ;`}/$[);$r\!G$rr3
API String ID: 0-4042806502
Opcode ID: 5f5501d6d958968536e4281584dcbee9485f65f28da2ff433c1e727e0be44146
Instruction ID: 2a7ec91698ed0cd09c4d692f700200df0612ecbe69526a2e857b043d86f16966
Opcode Fuzzy Hash: 5f5501d6d958968536e4281584dcbee9485f65f28da2ff433c1e727e0be44146
Instruction Fuzzy Hash: 1AB2F5F3A0C2049FE3046F2DDC8566ABBE5EF94720F1A892DEAC487744EA3558418787

Function 010ADA3C Relevance: 5.9, Strings: 4, Instructions: 916COMMON

Download Yara Rule

Strings

jEw, xrefs: 010ADAD9
&1/{, xrefs: 010ADBFE
5^, xrefs: 010ADDAC
1e}, xrefs: 010ADBA8

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 5^$&1/{$1e}$jEw
API String ID: 0-1711728574
Opcode ID: b7433aa4f7c023f1ac9dfdd38c6fc19ea9baa492f74ef3093ad89101abd0af56
Instruction ID: fcd0027030d09d2c452dbea1fea94e9468cc9f81e2ad486541a2f378aa914ef9
Opcode Fuzzy Hash: b7433aa4f7c023f1ac9dfdd38c6fc19ea9baa492f74ef3093ad89101abd0af56
Instruction Fuzzy Hash: 45523BF3A082049FD304AE2DDC8576AFBE6EF94720F1A863DEAC4D3744E53598058697

Function 00F1FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

:, xrefs: 00F20087
m1s3, xrefs: 00F1FEC3, 00F1FECB
uvw, xrefs: 00F1FE95
NA_I, xrefs: 00F2036D

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 47475bf50bb4ac4a735ae3e2113a955b0cc0f1a58602234de13c7e5d99456081
Instruction ID: c44985dd673b85b2f130aa4901e11e8f23143d9fd3add316bc8f6f12888f3b43
Opcode Fuzzy Hash: 47475bf50bb4ac4a735ae3e2113a955b0cc0f1a58602234de13c7e5d99456081
Instruction Fuzzy Hash: EC32BCB590C384DFD300DF28E880B2ABBE1BB9A310F14492CF5D58B292D739D955EB52

Function 00F03BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F03EC4
;z, xrefs: 00F03C87
ss, xrefs: 00F03C79
p, xrefs: 00F03C80

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: bb8156520c76ef865ac99855ed4c5c56bf6cf5294f2f620bede35851887f32a0
Instruction ID: c45fa66585ad8ff8f74296760a7dae4c151521b2531141aaaf431f06377b1c88
Opcode Fuzzy Hash: bb8156520c76ef865ac99855ed4c5c56bf6cf5294f2f620bede35851887f32a0
Instruction Fuzzy Hash: AD027CB4810B00DFD760EF24D986756BFF5FB02701F50895CE89A9B696E334E418DBA2

Function 00F12260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 00F1232F
lc, xrefs: 00F12507
sj, xrefs: 00F12327
a|, xrefs: 00F12317

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: b27973e313f69c371685761aec9d9b59a562049116f85401e2e96cab2fd71a38
Instruction ID: d0d5db78ae890acfe0501fd2d167b22bbe58c39c8624646014ee2f90444c254c
Opcode Fuzzy Hash: b27973e313f69c371685761aec9d9b59a562049116f85401e2e96cab2fd71a38
Instruction Fuzzy Hash: 77A1AE748083418BC720DF58C891A6BF7F0FF96364F588A0CE8D59B291E339D991DB96

Function 00F1D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

KV, xrefs: 00F1D97D
#', xrefs: 00F1D9EA
T>, xrefs: 00F1D984
CV, xrefs: 00F1D98B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 0ffa1cb7722ff2512e29d4a22f640ede415ebcac501a630ba931d167ec85ac95
Instruction ID: 4b143083b055237fbd2709e0a839624dd6fc1e36f76faa3890ddbd7dd78910ec
Opcode Fuzzy Hash: 0ffa1cb7722ff2512e29d4a22f640ede415ebcac501a630ba931d167ec85ac95
Instruction Fuzzy Hash: 028145B4801B459BDB20DFA5D6851AEBFB1FF12300F60560CE486ABA55C334AA55CFE2

Function 00F1AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

(g6e, xrefs: 00F1ACA1
lk, xrefs: 00F1ACBC
,{*y, xrefs: 00F1AD07, 00F1AD13
4c2a, xrefs: 00F1ACA9

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 1534e12b2e4d28fb55773d8dfadad80efd40bb981fcb0f851d7bb2984d77d219
Instruction ID: 5ff1c6cc9f434b027b55712b97b81581500498ce9e9d4b68093309c23d98a8ed
Opcode Fuzzy Hash: 1534e12b2e4d28fb55773d8dfadad80efd40bb981fcb0f851d7bb2984d77d219
Instruction Fuzzy Hash: 454186B4809381CBD7209F24D900BABB7F0FF86305F54995DE9C897260EB36D984DB96

Function 00F1C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F1C8C3, 00F1C8CB
~/i!, xrefs: 00F1C537
%*+(, xrefs: 00F1C9E4, 00F1C9ED

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 0de4975dfdf81fd2c86496976aa3c031046005b22f27e9c244f89fc5f6cee957
Instruction ID: 484f8d23ce524c4cfb0863963baf62a49581d476ab0cfd36ca8dd62e93fd34ad
Opcode Fuzzy Hash: 0de4975dfdf81fd2c86496976aa3c031046005b22f27e9c244f89fc5f6cee957
Instruction Fuzzy Hash: B1E1B8B5908344DFE3209F24D881B5ABBF5FB96350F48882CE9C887251D735D854DB92

Function 00EF8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00EF8616
IEND, xrefs: 00EF89F0
), xrefs: 00EF860C

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: a945104ae6d7d12d1c459a823700c1f0883f02e21785519c328029485b405c05
Instruction ID: e57414b94461c43b855579306548dacc6f24b82b5d84bd2577e7ed30b9929f98
Opcode Fuzzy Hash: a945104ae6d7d12d1c459a823700c1f0883f02e21785519c328029485b405c05
Instruction Fuzzy Hash: 1DE1C3B1A0870A9FD310CF28C94176ABBE0FB94314F14592DE699A7381DB75E914CBC2

Function 010B9728 Relevance: 3.4, Strings: 2, Instructions: 945COMMON

Download Yara Rule

Strings

|?, xrefs: 010B9E3A
9/O_, xrefs: 010B9CD9

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 9/O_$|?
API String ID: 0-2250708709
Opcode ID: b0bf0dad16d22c696df21b273d91cb89745fe5d15089f5366d0e55e0e444da9b
Instruction ID: 3af8cf918c19260957641bfa098acee0475c610c1271e3122afe424efab2efa6
Opcode Fuzzy Hash: b0bf0dad16d22c696df21b273d91cb89745fe5d15089f5366d0e55e0e444da9b
Instruction Fuzzy Hash: B452D8F360C604AFE3046E29EC8577AB7E5EF94720F16863DEAC4C3744E63599018697

Function 00F34040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00F3420C
%*+(, xrefs: 00F340A4, 00F340AD

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: e45752814b780385e8f0fcfe3fcd702d6b980ee2eebb15a5afca5603430d6b36
Instruction ID: f361e49117e3c25ceaf37714675e083d776e337689236e25685756b883ea0688
Opcode Fuzzy Hash: e45752814b780385e8f0fcfe3fcd702d6b980ee2eebb15a5afca5603430d6b36
Instruction Fuzzy Hash: 6D128B71A083419FC715DF18C880B2ABBE5FB89324F188A2CF8959B391D735F9459B92

Function 00F2F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 00F2F7F5
hi, xrefs: 00F2F6E6

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 9f8cbe778bfeebcea157c4f170777c068915a4727766ce34072a6d36586c8701
Instruction ID: 714f84dcedf48c08e0890881c9c3ca2f330d62e45dcce2c8bf419518283532a4
Opcode Fuzzy Hash: 9f8cbe778bfeebcea157c4f170777c068915a4727766ce34072a6d36586c8701
Instruction Fuzzy Hash: 23F1A575618301EFE704CF24D891B2ABBF5FB96354F94992CF4858B2A1C738D848DB12

Function 00EF35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 00EF360E
Inf, xrefs: 00EF3607

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: cc102714e906ed3c76cde075da30218eada4e746e50ae204eacafb0a184078eb
Instruction ID: c50cdd58a7d8aa9bccba9d77d834041346bf71a35abda17cdd21a0bd24a2c4fc
Opcode Fuzzy Hash: cc102714e906ed3c76cde075da30218eada4e746e50ae204eacafb0a184078eb
Instruction Fuzzy Hash: D6D1F771A083159BC718CF29C88066FB7E1EFC8750F25992DFA99A7390E775DD048B82

Function 01088AE1 Relevance: 2.7, Strings: 2, Instructions: 220COMMON

Download Yara Rule

Strings

"a7o, xrefs: 01088CF6
y;+, xrefs: 01088B03

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: "a7o$y;+
API String ID: 0-3022978655
Opcode ID: 07058e2a6870c728c9c7c4e17eb243a3b082d09f6d028d67f568b1f4c4e60981
Instruction ID: b87eda96d2a8128be2e6ff4f9443ff7552b12f2750a51863836c8c95b511a8f3
Opcode Fuzzy Hash: 07058e2a6870c728c9c7c4e17eb243a3b082d09f6d028d67f568b1f4c4e60981
Instruction Fuzzy Hash: BF515AB3A186145BF304AE2DECC477ABBD6DFD4724F2AC63DEAC097744D53948058282

Function 00F0FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00F10197
Ye[g, xrefs: 00F100F6

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 54de24b616329983ec4b8e3085bed0adafda9826f3e02729fe09a6e27b69070b
Instruction ID: 66a15b7baa3703dd4f0a75175001a8ee35a5b74e4639d4cf69799aa079a12f82
Opcode Fuzzy Hash: 54de24b616329983ec4b8e3085bed0adafda9826f3e02729fe09a6e27b69070b
Instruction Fuzzy Hash: E651BEB1A083858BD331CF14C881BABB7E0FF96360F18491DE49A9B651E7B499C0DB57

Function 00EF5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00EF54C8

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: d2ebb4a126277c10e7a1c31ecbc915388690bd34173225b85ad2464f5a65df4c
Instruction ID: 7ac013eaa357eb0b2f5a795a3ffbbeffe86db1a02f7f9ea9e5637213c1546b6f
Opcode Fuzzy Hash: d2ebb4a126277c10e7a1c31ecbc915388690bd34173225b85ad2464f5a65df4c
Instruction Fuzzy Hash: 5822D4B3608B4A8BE7158E18D840336BBE2AFF1348F19956EDB59AB391E771DC04C741

Function 00F212D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00F215D1

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: e000a2119f1630aa3827ac06e96a18e72f7fc63876726e0a7e31f6a202487c5a
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 83F15671A083614BC724CE24D490B6BBBE6BFE5320F1C856DE88A87382D634DD05E796

Function 00F1AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F1B2D3, 00F1B2DB

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: cac2ebf11f14ccf31c1c41bee701a9f6f8c9cd6691904dadaaff29bc633980ee
Instruction ID: 12801889109d2fdb9865c373132c6253ecc87fa3a9af75b30af997f5cfd91598
Opcode Fuzzy Hash: cac2ebf11f14ccf31c1c41bee701a9f6f8c9cd6691904dadaaff29bc633980ee
Instruction Fuzzy Hash: 6DE1BD75508306DBC324DF28C4905AEB7F2FFA9791F54891CE8D587220E335E999EB82

Function 00F06EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F06EF3

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8839a4ff41a258e8a342bed2224ab2cda5c605c218a2ff0339c0ecfe5d894584
Instruction ID: 2cf4f068b5f8060a8b4725a77ed36e2c4ba0bb28c6d61ad4a8b7be329f17c260
Opcode Fuzzy Hash: 8839a4ff41a258e8a342bed2224ab2cda5c605c218a2ff0339c0ecfe5d894584
Instruction Fuzzy Hash: 78F1ADB5A00B05CFD7249F24D881A26B3F2FF48325B14892DE597C7A91EB34F925EB41

Function 00F17E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F18263, 00F1826B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c4cdda0f6d05cb8f76ce22b0a1e8ba4364613a338c84237fabf8a064e68dd154
Instruction ID: aad3c429cfd257d0ad91277f3f2184de35a7fe4c929e13329e3610d06b7ef698
Opcode Fuzzy Hash: c4cdda0f6d05cb8f76ce22b0a1e8ba4364613a338c84237fabf8a064e68dd154
Instruction Fuzzy Hash: B0C1E272908300ABD710EB14C941A6BB7F5EF967A4F18481CF8C597251E735DC92EBA2

Function 00F18D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F19233, 00F1923B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 79dc0c7b63d244c4e560b0ab67fcdf55b70bb519ca5a200ee9f3f494c475ad65
Instruction ID: 5d008993c4577c011effc4c8a02ca6fe96ab9778a3c013ba4bc7f0428cd693df
Opcode Fuzzy Hash: 79dc0c7b63d244c4e560b0ab67fcdf55b70bb519ca5a200ee9f3f494c475ad65
Instruction Fuzzy Hash: 17D1DC34A18306DFD704DF68DC90A6AB7F5FF9A310F09886CE98287291DB34E845EB51

Function 00F37FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00F38167

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 1a48d8f3ca2e333636bd2270efbbf3910027b9d351f88809e019c0a36c902958
Instruction ID: cab50eeffd970318fce0b3547b5bfb318af96c4bc565c0a3c5dbbd82f9e67668
Opcode Fuzzy Hash: 1a48d8f3ca2e333636bd2270efbbf3910027b9d351f88809e019c0a36c902958
Instruction Fuzzy Hash: 57D1E3729083658FC725CE18D89071EB6E1EB85768F19862CF8B5AB381CB75DC06E7C1

Function 00F1CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F1CDC3, 00F1CDCB

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 7ccc5d6f04f1d38998872eb3565837bb3dc6c262dcf561eb425995b2f4d65f0c
Instruction ID: 4a0b996e4037615f9952ba93f0a8aba0a33aee774571ed419ff357085f69e7af
Opcode Fuzzy Hash: 7ccc5d6f04f1d38998872eb3565837bb3dc6c262dcf561eb425995b2f4d65f0c
Instruction Fuzzy Hash: 61B10071A483059BD714EF14D880B6BBBF2EF95350F14482CE5C58B352E335E895EBA2

Function 010AF9CC Relevance: 1.6, Strings: 1, Instructions: 310COMMON

Download Yara Rule

Strings

jz_, xrefs: 010AFAE3

Memory Dump Source

Source File: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: jz_
API String ID: 0-347747079
Opcode ID: 887d3c18164b29171fb3798950f3b037a74124bf2e262ecf150c26e1cd872886
Instruction ID: 6d9feeeb7ada4d58941397d4ef9147a0ac7ea99319507eab304717f66306f73a
Opcode Fuzzy Hash: 887d3c18164b29171fb3798950f3b037a74124bf2e262ecf150c26e1cd872886
Instruction Fuzzy Hash: 20A1E3B35093149FE304BF29EC8157AF7EAEF98761F16892DD6C483344EA3558448693

Function 00EFA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00EFA9C3

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 92aba9b457573dca3ad9995fdec41dcab59221f4d3b40f01407d310f8d6cfb74
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 90B129711083859FD324CF58C88062BBBE1AFA9704F488E2DF5D99B342D671EA18CB57

Function 00F2FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F2FCA4, 00F2FCAD

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 2cd21a50599bd094b2752f0dfa931086f48f43fb4c6034820fbee258c91b2c36
Instruction ID: 8af0b2800b15a5fe4144b060d5d21af1d25dc2da4186936598dc52dc6f651ca4
Opcode Fuzzy Hash: 2cd21a50599bd094b2752f0dfa931086f48f43fb4c6034820fbee258c91b2c36
Instruction Fuzzy Hash: AC81DF75628304ABD710EF54EC80B2AB7F5FB9AB11F84483CF98487252D734D918EB62

Function 00F0D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F0D663, 00F0D66B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: abb5a5a8857039a251276a2210ea2cde2a9293943283e70647d54c05e18a04f4
Instruction ID: 95e5b1abb2d12c371706d59c0c0aec9fd72e586898609ead9be3d3192e021ba4
Opcode Fuzzy Hash: abb5a5a8857039a251276a2210ea2cde2a9293943283e70647d54c05e18a04f4
Instruction Fuzzy Hash: 7961E176908208DBD710EF58DC42A3AB3B1FF95364F180928FD869B391E775E910E792

Function 00FCBE00 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

|>', xrefs: 00FCBED8

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: |>'
API String ID: 0-2457550420
Opcode ID: f5bd5124e515ebd3c258dee6fb7480967cce2b3c645bb2973c7a7722285218cd
Instruction ID: 44faefb3ef31f93e3657ea2b2c652b5306f647efb63a6d3cee8427b08019f172
Opcode Fuzzy Hash: f5bd5124e515ebd3c258dee6fb7480967cce2b3c645bb2973c7a7722285218cd
Instruction Fuzzy Hash: E3714CF3A182109BF718AA2CDC9577AB7D5EB58320F1A463DEFC5D3380E53A5C148686

Function 00F34A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F34C33, 00F34C3B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b21cea2e4ef8da48ea46582364432d4d54c526f9cb97e3a4f77c5bbdcc36c35a
Instruction ID: 205ba01cb48d224b1f24d1a8c659aa42063e1a3a51a41f700288929d3de234e6
Opcode Fuzzy Hash: b21cea2e4ef8da48ea46582364432d4d54c526f9cb97e3a4f77c5bbdcc36c35a
Instruction Fuzzy Hash: 3E61DD75A083459BDB10DF25D880B2AFBE6EBC5770F18892CE985872A1D735FC40EB52

Function 0102EB83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

Gw|, xrefs: 0102EC7A

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: Gw|
API String ID: 0-1732724757
Opcode ID: fa96c262e16bfe3bffe39ff21903231db6e0b0f7758f79f8eca015d242abd0c7
Instruction ID: cebdc2bbe9a4b0512bdec9f5166828dd80cab5f3522f71610a57eb32a01eb9f3
Opcode Fuzzy Hash: fa96c262e16bfe3bffe39ff21903231db6e0b0f7758f79f8eca015d242abd0c7
Instruction Fuzzy Hash: 1D5128B3A082108BF3045A38EC9577ABBD5EB80370F2A463DEA95D7384D9799C0583D6

Function 00EFE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00EFE333

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 7a39a85215e8861ffb9a9665fce68074a69efd2bd29f54011a97fa101ae0daad
Instruction ID: 32a682c702d9e1fdfe86e691f83839e9103683fe2513ac25bad3d39584aafb66
Opcode Fuzzy Hash: 7a39a85215e8861ffb9a9665fce68074a69efd2bd29f54011a97fa101ae0daad
Instruction Fuzzy Hash: 99514833A1A6944BD328893C5C553B97AC70BD2334B3DD76AEAF5EB3F0E55549009380

Function 00F33920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F339E3, 00F339EB

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 67602f4c77f6aa7f2105c7368e666e171aa861698f19b910184d258f8ff9ecb6
Instruction ID: 48a1e85cc31067c33565f8fa7c1b224596437d875255bf6860d36f8a630e5ea2
Opcode Fuzzy Hash: 67602f4c77f6aa7f2105c7368e666e171aa861698f19b910184d258f8ff9ecb6
Instruction Fuzzy Hash: 46519078A09244DBCB24DF19D880B2EBBE6FF85764F14882CE4C687251D379DD10EB62

Function 00F01BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00F01C3E

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: e6a50dab5ccc8faaadcd80e98cd0b567450b2b52e1c355903cf63c179201a981
Instruction ID: 698e5c82c139339fc86ee760e10894b611a7bcd420135f2d619d2069bba4bb40
Opcode Fuzzy Hash: e6a50dab5ccc8faaadcd80e98cd0b567450b2b52e1c355903cf63c179201a981
Instruction Fuzzy Hash: 0D4173B84083849BD7149F24C894A6FBBF0FF86724F04890CF9C59B290D736D905EB66

Function 00F2FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F30033, 00F3003B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 47978ad7c8a53fd29cd7392d1c0828a49e41675bf174b53655a8299c74737341
Instruction ID: bdc9eea9b6f15660a52361f8ce8a9b57caaf0e8ee40bda2eccb451993664e289
Opcode Fuzzy Hash: 47978ad7c8a53fd29cd7392d1c0828a49e41675bf174b53655a8299c74737341
Instruction Fuzzy Hash: 323124F1A08305ABD614EA14DC91F2BB7E8EB81764F144829F88597252E731EC14E7A3

Function 00F1E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00F1E6A2

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: f686b3a21bfe138a005bb785e2cbcfc6a48160b83c271e593c9b0408906e4e08
Instruction ID: 80c3e2363257c2c96aa00a43745b51f0cb4ae1a1dec54ed2fd81fc200941fdc1
Opcode Fuzzy Hash: f686b3a21bfe138a005bb785e2cbcfc6a48160b83c271e593c9b0408906e4e08
Instruction Fuzzy Hash: A031E9B5D00209CFEB20CF94E9905BFB7B5FB1A354F640818D946A7341D335A944DBA1

Function 00F06F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F0703B

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 923dc8f105fa63411ed430460095ced58f02d23507d6595e718cf063000a92aa
Instruction ID: 941aa753f4d909ae346f7e13d4e2db1d742ea81cce72f4f2988cf0a14f389220
Opcode Fuzzy Hash: 923dc8f105fa63411ed430460095ced58f02d23507d6595e718cf063000a92aa
Instruction Fuzzy Hash: EF418B75A04B08DBD7349F21C990F27BBF2FB49711F14895CE9868B6A1E331F800AB10

Function 00F1E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00F1E6A2

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 3231547b35c61d189ba9775b81c737a56b678421138bdb1c385da3e125d45387
Instruction ID: 43785cccfc4ef579d2718a62d10eadc721fc74ac4945f72dbe447bf04243d903
Opcode Fuzzy Hash: 3231547b35c61d189ba9775b81c737a56b678421138bdb1c385da3e125d45387
Instruction Fuzzy Hash: 8521B5B5900609CFEB20CF95D9905BFBBF5BB1A744F64081CD846AB341C335AD85EBA1

Function 00F39CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00F39D30

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 04fa9fe4dda1513324205cb8294debc838c311b568586e449da5dace7d130b4c
Instruction ID: f136167bd02ddcc97e6ff43aeb79956874984b1c9433a48881e79e4be572c969
Opcode Fuzzy Hash: 04fa9fe4dda1513324205cb8294debc838c311b568586e449da5dace7d130b4c
Instruction Fuzzy Hash: B531637490C3049BD310EF19D880A2AFBF9EF9A324F14892CE6C897251D3B5D904DBA6

Function 00F04E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24a3fea0e0b9540dc8e770a7127590af500511e3d0f35b945591930cdf3895b
Instruction ID: f56c7b4a6cbe44129ee6e4f20d1063144ebd69a07c7d90dd831e9ad258ffbb7c
Opcode Fuzzy Hash: c24a3fea0e0b9540dc8e770a7127590af500511e3d0f35b945591930cdf3895b
Instruction Fuzzy Hash: B1625BB0900B008FD725CF24D994B27B7F6AF45714F54892CD49B8BA92E775F808EBA1

Function 00EFBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: af8140460ea8ec4d3067ed625193b2ecb65f4272b73df51ab0fd2b566d8e0239
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: CC521A31A0871D8BC7259F18D5402BAF3E1FFC5319F395A2DDAD6A3290E734A851CB86

Function 00F38652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e9893168a8d147eb19c6f2f09294700ae887e06422914273a96e89884a1010
Instruction ID: 27bf239237ede6922724cbe02ae43f630cf096a00913e8592c3ed17e60d8db8c
Opcode Fuzzy Hash: f3e9893168a8d147eb19c6f2f09294700ae887e06422914273a96e89884a1010
Instruction Fuzzy Hash: 8C22DB3960C344CFC704DF68E89062ABBE1FF9A325F09886DE98997351C775E950EB42

Function 00F386F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 496886c13f544510cafceb6971feb74dd33fe541607402cf559a3a018b889865
Instruction ID: 6830d3818e340f08287427591efa2e3c815b42962e8cfe4d2d06acd13f0196b1
Opcode Fuzzy Hash: 496886c13f544510cafceb6971feb74dd33fe541607402cf559a3a018b889865
Instruction Fuzzy Hash: B922BA3960C344DFC704DF68E89062ABBE1FB9A315F09896DE8C997361C375E950EB42

Function 00EFB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8d8ac49b255d3370d3263675aa5a6e07528734c74a0880d61c29ca31a8a50
Instruction ID: 090bcb4845d1921209e2ce666f58e006db5c99f0a3c818651f6b2b9cce088895
Opcode Fuzzy Hash: 74a8d8ac49b255d3370d3263675aa5a6e07528734c74a0880d61c29ca31a8a50
Instruction Fuzzy Hash: FB52B570908B8C8FE735CB24C4843B7BBE2EB91318F146D2EC6D616AC6D779A885C751

Function 00EF71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3fa88e4b01209a536ec2e55f5459fbab83055ed32869493aa79a90e3735700
Instruction ID: 33f74b2a1f8fc590baedb38dcfbfdfce615766e64b36460ac86f3ce8ac213a13
Opcode Fuzzy Hash: ec3fa88e4b01209a536ec2e55f5459fbab83055ed32869493aa79a90e3735700
Instruction Fuzzy Hash: 8A52BF3150C3498BCB15CF28C0906BABBE2BF88318F199A6DE9D967351D774D989CB81

Function 00EF8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828664035aa945bb083aea57e6242ec0e638556194dcd0f3c91c68ad40c34299
Instruction ID: c68ee51e9bf8f66b9ffc1a80603a3330368c049d50fc0b9493f8c7100d5a3c6b
Opcode Fuzzy Hash: 828664035aa945bb083aea57e6242ec0e638556194dcd0f3c91c68ad40c34299
Instruction Fuzzy Hash: 28426879608305DFE704CF28E8507AABBE2BF88325F09886DE5858B3A1D735D945DF42

Function 00EF7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49bee6629e7149e735773c3b12ddda2f089aaea095d64c5239bbaf094fc3669
Instruction ID: 2d3f68dcc6bb51dd54db6eafcf1588e18b998fd081c461271e42c9d9ce30f32f
Opcode Fuzzy Hash: c49bee6629e7149e735773c3b12ddda2f089aaea095d64c5239bbaf094fc3669
Instruction Fuzzy Hash: C4323370615B188FC328CF29C69056ABBF1FF45700BA06A2ED6A797B90D736F845CB10

Function 00F389A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b445f94269e41e5dc1717d15b7da0d83b050543c6a0542726a37921dd3b356
Instruction ID: 8df4168093b1df7e7667a4d36f086e0d9762d62da7b9c5882f9c4a4a6f3dc353
Opcode Fuzzy Hash: 96b445f94269e41e5dc1717d15b7da0d83b050543c6a0542726a37921dd3b356
Instruction Fuzzy Hash: 7602AA3960C344DFC704DF68E88062AFBE1EB9A315F09896DE8C597361C375E910EB92

Function 00F38A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d501cb9e693af74a393927fe1ad9544785d6ed7310332bf817adbee02cff946
Instruction ID: be1234fd97f26f87186aa5536bab4e91276b0dd96722477d6f08f5e4251d6e8e
Opcode Fuzzy Hash: 2d501cb9e693af74a393927fe1ad9544785d6ed7310332bf817adbee02cff946
Instruction Fuzzy Hash: D2F19A3560C344DFC704DF28E88062AFBE1EB9A315F09896DE8C597351D376E910EB92

Function 00F38C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac3b12f77c244f8531f0cd30384647537e758028435cd56e796f29e2a563c7e
Instruction ID: 5b6375d4d76370229cffa3d7bfc8bb0e607ba6de68ffe8210d2ae700b1cf3437
Opcode Fuzzy Hash: 1ac3b12f77c244f8531f0cd30384647537e758028435cd56e796f29e2a563c7e
Instruction Fuzzy Hash: 2CE1AC3560C344CFC704DF28E88062AF7E1EB9A325F09896CE9D997351D776E910DB92

Function 00EFA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 01c424eca7b404febfacf9bb8a4dd27a155579eb83b88f92e74e9cb01edd73e5
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: B7F1DE752087458FC724CF29C88066BFBE2EFD8304F08982DE5C98B751E679E945CB52

Function 00F38E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acaf938d132c9e29eb35c1fb055c360eb6d3f121e934299885b05ebc4e9d904c
Instruction ID: 239c45bf325727e79304c2dee2bd056b7d98e04d5ba6d8eb66db0dc9177b5a8e
Opcode Fuzzy Hash: acaf938d132c9e29eb35c1fb055c360eb6d3f121e934299885b05ebc4e9d904c
Instruction Fuzzy Hash: C2D1AB3460C280DFD304EF28E88062AFBE5EB9A715F09896CE4C597251D776E910EB92

Function 00F04487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d890ef38652586246dff0b965c0ddcde7d8e6702a09a2c1325541156ef2bee27
Instruction ID: f60ad68110e9dee97d62d37851bc311d92fd2246a3f5c0f5deeb23619247ffa1
Opcode Fuzzy Hash: d890ef38652586246dff0b965c0ddcde7d8e6702a09a2c1325541156ef2bee27
Instruction Fuzzy Hash: 27E100B5A01B008FD325CF28D992B97B7E1FF46704F04886CE5AAC7792E735B8149B54

Function 00F36CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7a1dc77b0c60c7d7b286b34e576936a67101a174891c844ee100c92d5c23f7
Instruction ID: 0fbd6f3b4cb4e2d5d55cce2b29513fe298946c12107e34842245c15f38fab26d
Opcode Fuzzy Hash: db7a1dc77b0c60c7d7b286b34e576936a67101a174891c844ee100c92d5c23f7
Instruction Fuzzy Hash: 90D1E33A618359CFCB14CF38D8C052ABBE1AB9A314F098A7CE995C7391D334DA44DB91

Function 00F37AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4a41f6719cd9a7361ba2f9a617a1140a180bd80830f988d905a0c55992a6a8
Instruction ID: 889ae8609afc594d912a74ce976f070f051b8548fd3adb6f8e3e4be1e377395a
Opcode Fuzzy Hash: 9a4a41f6719cd9a7361ba2f9a617a1140a180bd80830f988d905a0c55992a6a8
Instruction Fuzzy Hash: 57B104B2A0C3548BE724EA28CC4176FB7E5AFC5324F18492CE99997391E735EC049792

Function 00EFAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: daf194871c2f551429a4c9bae18d7e2748d130c5470c7d3a58bdcdbf60057d37
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 4CC18DB2A487458FC360CF28CC967ABB7E1FF85318F08492DD2D9D6242E778A155CB06

Function 00F06536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7703d4fc4b2a07020acf9ea2f5d42e328626f22a2738bc76a6dd96311c5ec03
Instruction ID: ffa5d25c9f106c2fc91510951eae97fa8188d932871bf04bce99aec117896740
Opcode Fuzzy Hash: e7703d4fc4b2a07020acf9ea2f5d42e328626f22a2738bc76a6dd96311c5ec03
Instruction Fuzzy Hash: 62B101B4600B408FD321CF24C981B27BBF1AF46704F14885CE8AA9BB92E735F815DB55

Function 00F37710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b2f02297ec87f657cb3f8f853cdc5b671aeb446bf3f54b673a6649b9e1336616
Instruction ID: 658e8471f4618f2fc86598404f4c55b4de6aac3837047d17b496ece6f06f7d82
Opcode Fuzzy Hash: b2f02297ec87f657cb3f8f853cdc5b671aeb446bf3f54b673a6649b9e1336616
Instruction Fuzzy Hash: D09180B5A0C305ABE720EB14CC40B6FBBE5EB85360F54491CF98497352E734E940EB92

Function 00F3A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726cfc8007a3960fb56262dc30859ffca8fef44292d24afce1217b7ae8f47090
Instruction ID: a3f4ecfe35f63393089dcf49752a2a508e99ba2b800ab0aec697d8ac8d1f8051
Opcode Fuzzy Hash: 726cfc8007a3960fb56262dc30859ffca8fef44292d24afce1217b7ae8f47090
Instruction Fuzzy Hash: B1818E346087058BD724EF2AC880A2FB7E5EF99760F45896CE9C5C7251E736EC10DB92

Function 00F264F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4078511fe47d792b77dec99dec29e70f9a8b948f5e679baf58971994221d45f
Instruction ID: 94ba9b11688fa98a536d986b68f7474ace0a3d374cdee757d405ea055780e779
Opcode Fuzzy Hash: f4078511fe47d792b77dec99dec29e70f9a8b948f5e679baf58971994221d45f
Instruction Fuzzy Hash: E271D433B29AA04BC3148D7C6C92395BA434BD6334F3D8379A9B4DF3E5D6294C066381

Function 00F128E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae3965fb8fd8a80d471830bfff4e21e7e277cceefc24bfa1be5cf360d5dd23d
Instruction ID: 79f96206f95a247f1244b47d6dd71686032af97eba60811146eebd5ce9de84c5
Opcode Fuzzy Hash: 1ae3965fb8fd8a80d471830bfff4e21e7e277cceefc24bfa1be5cf360d5dd23d
Instruction Fuzzy Hash: 86619AB48083408BD310AF54D851A6BBBF0FFA2760F18491DF9C69B261E339D960DB67

Function 00F17C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9ef1a20aaea4f1efa899beff04adbba754a0134a2d0413de445d2586613c75
Instruction ID: 0886c5b2636bedd7157cbf608de8b631476564c4f417e8597ee472e7fea4c18f
Opcode Fuzzy Hash: 4f9ef1a20aaea4f1efa899beff04adbba754a0134a2d0413de445d2586613c75
Instruction Fuzzy Hash: 5751B2B16083099BDB20AB24DC92BB773B4EF85364F144558F989CB391F375E881D762

Function 00F8A022 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6cbcbcdcfb1f86f290ef7a4d4eaa6e4a1f1562b849a0aaddba3dac9e0e95029
Instruction ID: d7333251c157c8556df5ea2490d808505885935aa8f21d69109b8d3abf498bd0
Opcode Fuzzy Hash: e6cbcbcdcfb1f86f290ef7a4d4eaa6e4a1f1562b849a0aaddba3dac9e0e95029
Instruction Fuzzy Hash: A361F7F3A086049FE3006E2DEC8576AF7D5EBE4720F1B453DDAC887380EA7959158687

Function 00F21860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 82ecc9a927fa60caab09fdc9bbd909fbffb6015d93a350fb80ed52e044e511c4
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 2261D432A093219BD714CE28E5C031FBBE2FBE5360F64C92DE4898B351D274DD85AB49

Function 00F282D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 998d9f4235bdbaeba5322c097697d688af724c0cab960edf5fde155b09b39348
Instruction ID: e9490653b7ac32e0be4af6a4a07d786b870a6b19fcf8c8ae39b628d52a4ce085
Opcode Fuzzy Hash: 998d9f4235bdbaeba5322c097697d688af724c0cab960edf5fde155b09b39348
Instruction Fuzzy Hash: 91613823A5BAB04BD314853C6C563A66A831BD67B0F3EC36699F18B3E5CD694C036381

Function 00F042FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87db992267dc725f3c8bb33547a10ac579796c8fa94ece14b033116e15429a82
Instruction ID: fff4be70cf7bf5925745edfdc38f0788b6d7d5f19fbed7a3315b3cd5c617436b
Opcode Fuzzy Hash: 87db992267dc725f3c8bb33547a10ac579796c8fa94ece14b033116e15429a82
Instruction Fuzzy Hash: 3581EFB4810B00AFD360EF39D947757BEF4AB06301F404A1DE5EA96694E7306419DBE3

Function 00F2E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 139393d911bcb6e0d7c786ab544e77771f8658a1f706fc4ab99a2280142a2ea6
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 5C515CB1A087548FE314DF69D89435BBBE1BB85318F144E2DE4E987350E379DA088F82

Function 00FB25BB Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 096b7475a4552603ee79470661505863ebe2ed56a8b082d1004b183f46216279
Instruction ID: 76e6c1a798ea35d3b15dae756d2b38d67366d791594a09876af4442fea3f7a3b
Opcode Fuzzy Hash: 096b7475a4552603ee79470661505863ebe2ed56a8b082d1004b183f46216279
Instruction Fuzzy Hash: 8A5109F3A081005FF3145929EC857BAB7DADFD4320F2A863DEB98D7784E9385C068695

Function 0107EB99 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de4a2d4bcd0246d745319e2b79a2a6cd2993bcdaa01f0c59662159f2b40b538
Instruction ID: d6246b63c3b679c9ba53169bb51e5162ccdc605f8448bcde6e9e6439beaa629c
Opcode Fuzzy Hash: 2de4a2d4bcd0246d745319e2b79a2a6cd2993bcdaa01f0c59662159f2b40b538
Instruction Fuzzy Hash: 3951AAF3E182084BF3149968EC553B67AC6EB90720F1E863DAF84D7788F87E8C024185

Function 00F37520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97866d2d9dfb64723925daecfd6fa0a74066dad830af1b85a51427c9855f6826
Instruction ID: c85383399e326dc0d7a09fde2a88a34c82a2ff413df3cb3070f4f257aaf9d3de
Opcode Fuzzy Hash: 97866d2d9dfb64723925daecfd6fa0a74066dad830af1b85a51427c9855f6826
Instruction Fuzzy Hash: DD51057560C304ABC724AE18CC91B2EB7E6FB85774F288A2CF8D597391D635EC10A791

Function 00EF5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b24fc54b37d2a0c1f4fa6d633a87d83a6c31b4e050f02f22d65212fbe3f040b7
Instruction ID: 5b2420c4696e6eb10f0582f1504a8a6eb7a318223d80683d30769c8cff9e87a7
Opcode Fuzzy Hash: b24fc54b37d2a0c1f4fa6d633a87d83a6c31b4e050f02f22d65212fbe3f040b7
Instruction Fuzzy Hash: A0510576A047089FC714DF14C880936B7E0FF95328F25566CEA96AB342D730EC52CB91

Function 00F7E0AD Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8278906cbf2b60c729d718da676e44c568c99f897c7bfd5c444d77917cb5eb79
Instruction ID: f4506fd945c5a861dd4158564506d013bc9853d6e5393752aeabb19edf381440
Opcode Fuzzy Hash: 8278906cbf2b60c729d718da676e44c568c99f897c7bfd5c444d77917cb5eb79
Instruction Fuzzy Hash: 114185F3F042185BE3046D7CED4936676DA8BD0361F1A463DDE8493B88EC79990582C6

Function 010752E4 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faba430260ae1dd83b4de4ff23f2dddb95b02504e1deb05c94b3443deb563a93
Instruction ID: a1864001008d7d31c3adc50b0ef5fb66cbda36083bed2e4d632538dc39f1ebb8
Opcode Fuzzy Hash: faba430260ae1dd83b4de4ff23f2dddb95b02504e1deb05c94b3443deb563a93
Instruction Fuzzy Hash: 5B4125F3E082089FF3187E29DC9573AB7D5AB94300F1A493DEAC9C7740F93998154286

Function 00F1EC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6b1c46ac6c85847692fdf9a3acc842d256a9d9dbcb10a2deca69f8f7ec8795f
Instruction ID: 3cd2546d5cd29b5a457b8076efe14ce05e7e3b62cbf77dad83608d3a4b90d331
Opcode Fuzzy Hash: e6b1c46ac6c85847692fdf9a3acc842d256a9d9dbcb10a2deca69f8f7ec8795f
Instruction Fuzzy Hash: 6C419E78D00329DBDF208F54EC91BA9B7B0FF0A350F144548E945AB3A0EB38A990DB91

Function 00F39B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a61b63c4dc40f60b75bb8627698860ecd7bfa264c1f93f6ea48567b53ecb72
Instruction ID: 169d61d5bb146357ef2d6c40b38441f29e363deb5bf7342b385fdc7d98f8fd18
Opcode Fuzzy Hash: d4a61b63c4dc40f60b75bb8627698860ecd7bfa264c1f93f6ea48567b53ecb72
Instruction Fuzzy Hash: F241BE3460C305ABD714EB15D990B2AF7E6EB85B70F14982CF98987251C3B5EC00EB62

Function 00F02030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77026477e3aeb8e85b7e5c1f60ea152a0050107ebf5db61e03b87ae6597ae90
Instruction ID: 8d18f1b06fc5f51bfa9add9a894389e05f27d27f297f47eedeb0550491de63b3
Opcode Fuzzy Hash: b77026477e3aeb8e85b7e5c1f60ea152a0050107ebf5db61e03b87ae6597ae90
Instruction Fuzzy Hash: FE410732A0C3654FD75DCE2A84A423ABBE2AFC5310F09C66EE4D6873D0DA748945F791

Function 0106548C Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e21ada7073e6cc34bdc7f4049026c97b5ff0d75ca94b4d4e657dc29367d850a
Instruction ID: ba984598d2dfcd3f797a79764af472e74e250f9cf6fa125a8d119622d438745a
Opcode Fuzzy Hash: 6e21ada7073e6cc34bdc7f4049026c97b5ff0d75ca94b4d4e657dc29367d850a
Instruction Fuzzy Hash: 9941E7F3A0C2009FE314AE19ECD577AF7E9EB98324F1A453EDAC5C3740E57558058692

Function 00F01E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc43ed48543234725f6628c9a29aff5c456bdd64e5cd4b5323848f6544e8c3ff
Instruction ID: 4ca92b89d5d277c6afd2f0714d20d375dc0cd7d38fd9cafeb015bfcecebe52e3
Opcode Fuzzy Hash: cc43ed48543234725f6628c9a29aff5c456bdd64e5cd4b5323848f6544e8c3ff
Instruction Fuzzy Hash: CE41E2745083809BD320AB55C888B2EFBF5FB86755F144D1CF6C497292C37AE814AB66

Function 00F38D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbbe951406e1e8174faf1de7ed868900856728adf461321ec9aebd7eb646c107
Instruction ID: fcdea657c6cb8d45f2d912ea1121a636d79bb8bc2688d150f31ccbb6d0d432be
Opcode Fuzzy Hash: fbbe951406e1e8174faf1de7ed868900856728adf461321ec9aebd7eb646c107
Instruction Fuzzy Hash: 4341C131A0C3508FC305EF68C49052EFBE6AF99360F199A1DE4D5D72A1CB78DD068B82

Function 00F0D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40f39755c816ee988de1cd8d538696d7cb4e62a698ce1a5f20517fd03c0b3cfe
Instruction ID: 329f38ec26ca2ca4512e8ca2df7a0e401014f1711d6241b9db28bdf44908413b
Opcode Fuzzy Hash: 40f39755c816ee988de1cd8d538696d7cb4e62a698ce1a5f20517fd03c0b3cfe
Instruction Fuzzy Hash: 8641A0B5609385CBD730DF54C841BABB7B0FFA6364F040958E58A8B7A2E7744940EB53

Function 00F2F030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 7a9575b00bd2d56784eb59933845d9705ebe2742546ebbaeb8fd561097a7a12a
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 122137329182244BC324DB59D881A3BF7F4EB99B14F06863ED9C4A7295E3359C2897E1

Function 00F367EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5363501ee5462f32421b59bbf548080b44d4553414bf7b53fb78f39e4526bb12
Instruction ID: 84e92557b08f0727105e99d6368e2d58f9c6f89afd238e9b025bd608e0c54920
Opcode Fuzzy Hash: 5363501ee5462f32421b59bbf548080b44d4553414bf7b53fb78f39e4526bb12
Instruction Fuzzy Hash: B0311370518382AAD714DF14C49062FBBF0AF967A4F54980DF4C8AB261D338D985DB9A

Function 00F15E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a678cce1c5035ebb77c6a8681e48a473b9909ec70f46226108cfe55712ff2b
Instruction ID: def954c0e16ee7c94dd78bcec27fed4e9444d5d0a42b38ffbaa39194b6b0bd47
Opcode Fuzzy Hash: 97a678cce1c5035ebb77c6a8681e48a473b9909ec70f46226108cfe55712ff2b
Instruction Fuzzy Hash: 1D21B271908601DBD310AF18C85196BBBF4EF92B64F54890CF4D59B291E334D940EBA3

Function 00EF49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 614d48e6bfb564f406f237feb80562c20668e3b1fadb536d6105861f53d78cf7
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: C1310CB17486059BD7119E1CD88053BB7E1EFC431CF18A92CEA9AAB281E331DC52CB46

Function 00F364B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3bdb50c14207254810ef3356a41b5240fb91112308d152d74b385dbfcd93eef
Instruction ID: 137081800ecd6eb98d82f8346ea2f9bedb0e8556f16ed66fb8060216c824f168
Opcode Fuzzy Hash: d3bdb50c14207254810ef3356a41b5240fb91112308d152d74b385dbfcd93eef
Instruction Fuzzy Hash: C5214C7490C244EBC704EF19D480A2EFBF6FB95765F28881CE4C493361C335A850EB62

Function 00F2B650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 0f88457ec7c337c2a3c16af099b2fe156340c0b491d507cbe183b6b087abbc6c
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 0811E933A051E50EC3168D3C9440565BFA31AA3334B5D43E9F8B49B2D2D7228D8AA355

Function 00F20B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: a1884faa6e2bb7290ff5ff09b412dfa077b687cb3f095a0fa7fb67cbd333bf51
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: C201B1F2E0071687E7309E10A5D0B3BB2E8AFC4728F28552CE90697203DF75EC14D691

Function 00F1D1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1cdb29ba242489fcef4cffbd5046db24971a1243c051c362b318a977b73c60
Instruction ID: 1cbbfac01a9eb734e8083998590fa5a11d7fd46121b103398c12a0b8fe892693
Opcode Fuzzy Hash: 5c1cdb29ba242489fcef4cffbd5046db24971a1243c051c362b318a977b73c60
Instruction Fuzzy Hash: 4611ECB0408380AFD3109F618984A2FFBF5EBA6714F148C0DF6A49B251C379E859DF56

Function 00EF6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0411a348240778326c6b9651c20663421511e66a1e3d407212bbec4e9c00f2b
Instruction ID: 44aa0585dc43c45a2dfee24732de62adf5bf1918d68a771337d129ce315534f0
Opcode Fuzzy Hash: d0411a348240778326c6b9651c20663421511e66a1e3d407212bbec4e9c00f2b
Instruction Fuzzy Hash: 83F0B43B71921E1BA620CDABA88483BB396D7D9369B146539EB41E3201DD72E8069190

Function 00F2B8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00F0C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00F0B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 9cfd8ac5b579ba6d4b701480ffbd58b4debfe9dbc0cd4b67a6b93b45d7a405f2
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: A3F0ECB5A0861057DF22CE549CC0F37BB9CCB87364F190426E84557183D2A15945D3E5

Function 00F28220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27771640d648c50949d9332bf566cb7859fc55dfe90456e5a843f2a0c3679868
Instruction ID: 9a8beb97ae44d24dbf6ce6efac7d055da5b58851a8f0ee4bcfc098d1e9c70b20
Opcode Fuzzy Hash: 27771640d648c50949d9332bf566cb7859fc55dfe90456e5a843f2a0c3679868
Instruction Fuzzy Hash: F001E4B04107009FC360EF29C445747BBE8EB08764F004A1DE8EECB681D770A5448B82

Function 00F31440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 745828328f20f74d7d338253f08bbe7672edac674c286cb26853cf7cfa9b6d55
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 95D05E21A08321469B64CE19E400977F7E0FA87B21F49955EF586E3148D230DC41D2A9

Function 00F01ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6df698b593fa1682a8cebac30c4b5058e83eefd511fa6e30621b9354fe6a24
Instruction ID: 7e374270ba0e07a8d1bb466cb45379f02eb32504ffe490373a3f39377900cd61
Opcode Fuzzy Hash: 8e6df698b593fa1682a8cebac30c4b5058e83eefd511fa6e30621b9354fe6a24
Instruction Fuzzy Hash: 03C01238B180088BC204CF40F895A32B2B9A307308700A02ADA02F3261CA20D41AB909

Function 00F36094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0065f5ef7ce23589cbf954a4c26ec0afa0478ad39b04a0227256862d3f75fdc
Instruction ID: 0b014608ec914194487a96248c55a4453371c66a0c15220da93ce878b3c7bf13
Opcode Fuzzy Hash: f0065f5ef7ce23589cbf954a4c26ec0afa0478ad39b04a0227256862d3f75fdc
Instruction Fuzzy Hash: D7C09B3C65C00487910CCF14D951675F3B6DBF7B18B35B11DCC0623255C134D552B55C

Function 00F01A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50651f85794096bb8979f44674367e9c084fcba5960b1ecb52efd91826a09255
Instruction ID: a235144243f464cc48f99d618c2bce1e349bf2cc54a1133233107a7f460529dd
Opcode Fuzzy Hash: 50651f85794096bb8979f44674367e9c084fcba5960b1ecb52efd91826a09255
Instruction Fuzzy Hash: 79C04C25F590448BC244CF85E891532B2A95306218710703A9602E7261C560D419A509

Function 00F35FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.2166300758.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166352385.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166370270.0000000000F5A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166385097.0000000000F5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166399447.0000000000F5C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166502426.00000000010AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166519446.00000000010AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166567026.00000000010D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166580509.00000000010D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166597904.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166633024.00000000010D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166648163.00000000010D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166662727.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166678302.00000000010DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166725207.00000000010E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166750053.00000000010FD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166770130.0000000001100000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166790587.0000000001108000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166829702.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166843524.000000000112A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166856296.000000000112B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166870036.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166884278.0000000001138000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166901320.000000000113D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166922180.000000000114A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166940103.000000000114E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2166960786.0000000001156000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167068443.0000000001159000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167087810.0000000001161000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167106256.0000000001163000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167136701.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167164540.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167198445.000000000117D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167217730.000000000117E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167244379.0000000001189000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.000000000118E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167261748.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167308334.00000000011DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167329859.00000000011DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167343125.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167371918.00000000011F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2167385097.00000000011F4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b1a5571f89874e84eaca10d0452414a64851f2960e96761153bc51dd5c4847
Instruction ID: 9d7fe9fb203289ec61bd44f5dca96c7b8acbbbebc9c3e5071de0bb1c9ed02396
Opcode Fuzzy Hash: f0b1a5571f89874e84eaca10d0452414a64851f2960e96761153bc51dd5c4847
Instruction Fuzzy Hash: C8C09228B680088BA24CCF18DD51A35F2BADBFBA18B25B12DCC06A3256D134D552960C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00F350FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00EFFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00EFD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00F35700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 00F35BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00F3695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00F0049B Relevance: .3, Instructions: 264
COMMON

Function 00F33220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00F33202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON